Story image

Bait, hook and catch – targeted spearphishing on the rise

03 May 2019

Article by Barracuda Networks senior sales engineer Mark Lukie

Cybercriminals have a history of conducting attacks that cast a wide net hitting as many people as possible.

Most people have received emails from Nigerian princes offering to pay them an exorbitant sum of money, or drug companies offering a new drug to revolutionise their love life.

Cybercriminals now have their sights on enterprises using highly personalised attacks, going after fewer targets to extract a greater payload.

Spearphishing attacks, where a threat actor impersonates employees or popular web services, are on the rise.

At the end of 2018, the FBI warned that there was a 60% increase in 2018 in fake email schemes that aim at stealing money or tax data.

The latest social engineering iteration involves multiple steps.

Cybercriminals don’t randomly try to target executives with fake wire fraud.

Instead, they first infiltrate the organisation; then use reconnaissance and wait for the opportune time to trick targets by attacking from a compromised mailbox.

Step 1: Infiltration

Most attacks are easy for individuals to sniff out, containing weird addresses, bold requests or misspelled words.

Organisations are now seeing a rapid increase in personalised attacks that are difficult to spot, especially for people lacking security awareness.

A common example is an email apparently from Microsoft claiming they need to reactivate their Office 365 account.

It won’t appear suspicious, but if they hover over the link it’ll lead to a different website.

People with high security awareness would spot this, but the average employee wouldn’t.

The aim is to steal usernames and passwords.

Once the attacker gains control of these details, they can log into an account if multifactor authentication isn’t enabled.

Step 2: Reconnaissance

The attacker will typically monitor the account and read email traffic to learn about their organisation: who decision makers are, who can influence financial transactions or who has access to HR information.

They can also spy on interactions with partners, customers or vendors.

Step 3: Extract value

Attackers then launch a targeted attack.

They could send customers fake bank account information when they’re about to make a payment. Or trick employees to send HR information, wire money or click on links to collect additional information.

Since the email’s coming from a genuine (albeit compromised) account, it appears legitimate. Reconnaissance allows the attacker to perfectly mimic the sender’s signature and text style.

Take action

The best defence against phishing and spearphishing is to make users aware of the threats and techniques used by criminals.

1) User training

The best approach is to implement a simulation and training program to improve security awareness for an organisation’s users, to help them recognise subtle clues to identify phishing attempts. Regularly train and test all employees to increase security awareness. Staging simulated attacks for training purposes is by far the most effective method.

2) Authentication

Multifactor authentication is essential to stop attackers gaining access to accounts – whether an organisation uses SMS codes, mobile calls, key fobs, biometric thumbprints or retina scans.

3) AI protection

AI now offers some of the strongest hope of shutting down spearphishing.

By learning and analysing an organisation’s unique communications patterns, an AI engine can sniff out inconsistencies and quarantine attacks in real-time.

Bitglass appoints new cloud, business development leaders
The cloud security company has appointed vice presidents for worldwide channels and worldwide business development.
Ping Identity offerings accelerates cloud MFA and SSO adoption
90% of respondents trust MFA as an effective security control to protect identity data in public clouds, yet only 60% of organisations have formally adopted it.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
EXCLUSIVE: Forcepoint global channel chief talks strategy
As a solution sold 100% via the channel, cybersecurity solutions company Forcepoint places a strong emphasis on its partner relationships.
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."