ClickFix attackers using new tactic to evade detection, says Microsoft
Summary
Attackers behind the ClickFix phishing campaign are now using a new tactic involving Windows Terminal to bypass security measures and trick employees into running malicious PowerShell commands. The method evades traditional defenses that monitor the Run dialog, and it relies on social engineering, presenting victims with fake CAPTCHA or troubleshooting prompts.
IFF Assessment
This is bad news for defenders because attackers are actively developing new techniques to bypass existing security controls and awareness training.
Defender Context
Defenders should be aware of this evolving phishing tactic that leverages Windows Terminal and PowerShell to execute malicious code. Organizations need to update their detection rules and employee training to address these new attack vectors, focusing on recognizing unusual prompts and understanding the risks associated with executing commands in elevated terminals.