IT Brief Australia logo
Story image

Bait, hook and catch – targeted spearphishing on the rise

03 May 2019

Article by Barracuda Networks senior sales engineer Mark Lukie

Cybercriminals have a history of conducting attacks that cast a wide net hitting as many people as possible.

Most people have received emails from Nigerian princes offering to pay them an exorbitant sum of money, or drug companies offering a new drug to revolutionise their love life.

Cybercriminals now have their sights on enterprises using highly personalised attacks, going after fewer targets to extract a greater payload.

Spearphishing attacks, where a threat actor impersonates employees or popular web services, are on the rise.

At the end of 2018, the FBI warned that there was a 60% increase in 2018 in fake email schemes that aim at stealing money or tax data.

The latest social engineering iteration involves multiple steps.

Cybercriminals don’t randomly try to target executives with fake wire fraud.

Instead, they first infiltrate the organisation; then use reconnaissance and wait for the opportune time to trick targets by attacking from a compromised mailbox.

Step 1: Infiltration

Most attacks are easy for individuals to sniff out, containing weird addresses, bold requests or misspelled words.

Organisations are now seeing a rapid increase in personalised attacks that are difficult to spot, especially for people lacking security awareness.

A common example is an email apparently from Microsoft claiming they need to reactivate their Office 365 account.

It won’t appear suspicious, but if they hover over the link it’ll lead to a different website.

People with high security awareness would spot this, but the average employee wouldn’t.

The aim is to steal usernames and passwords.

Once the attacker gains control of these details, they can log into an account if multifactor authentication isn’t enabled.

Step 2: Reconnaissance

The attacker will typically monitor the account and read email traffic to learn about their organisation: who decision makers are, who can influence financial transactions or who has access to HR information.

They can also spy on interactions with partners, customers or vendors.

Step 3: Extract value

Attackers then launch a targeted attack.

They could send customers fake bank account information when they’re about to make a payment. Or trick employees to send HR information, wire money or click on links to collect additional information.

Since the email’s coming from a genuine (albeit compromised) account, it appears legitimate. Reconnaissance allows the attacker to perfectly mimic the sender’s signature and text style.

Take action

The best defence against phishing and spearphishing is to make users aware of the threats and techniques used by criminals.

1) User training

The best approach is to implement a simulation and training program to improve security awareness for an organisation’s users, to help them recognise subtle clues to identify phishing attempts. Regularly train and test all employees to increase security awareness. Staging simulated attacks for training purposes is by far the most effective method.

2) Authentication

Multifactor authentication is essential to stop attackers gaining access to accounts – whether an organisation uses SMS codes, mobile calls, key fobs, biometric thumbprints or retina scans.

3) AI protection

AI now offers some of the strongest hope of shutting down spearphishing.

By learning and analysing an organisation’s unique communications patterns, an AI engine can sniff out inconsistencies and quarantine attacks in real-time.

Story image
Transforming the finance department: is your enterprise trucking or trailing?
Wondering if your organisation has been as aggressive as it could be in embracing automation and adopting digital technologies? Check your progress against these benchmarks, advises BlackLine regional vice president for ANZ Claudia Pirko.More
Story image
COVID-19-themed threats, Powershell malware continue surge
“The world—and enterprises—adjusted amidst pandemic restrictions and sustained remote work challenges, while security threats continued to evolve in complexity and increase in volume."More
Story image
DXC Technology to drive digital transformation for Queensland-based company
Under an agreement, DXC will deliver a comprehensive end-to-end cloud solution with the aim of transforming business operations, driving innovation and growth, and building a future-proof organisation.More
Story image
Dynatrace introduces Session Replay, revamping mobile UX
The enhancements open the door for digmance feature adoptions ital teams to further optimise the user experience, performance feature adoptions and conversions of their mobile apps.More
Story image
Apple creates sweeping carbon removal fund
The US$200 million fund has set its goal to remove ’at least one million metric tons of carbon dioxide annually from the atmosphere’ — equivalent to the amount of fuel used by over 200,000 passenger vehicles.More
Story image
Telcos focus on security as new wave of 5G rolls out
Telcos are working to prioritise security measures to protect core network configuration services as the new wave of 5G networks commences.More