The Entec support team has been seeing an uptick in the frequency of a phishing technique that isn’t necessarily new, but attackers continue to get savvier in their ability to target victims and follow through with the attack.
Now keep in mind, typical scammers are not out to hassle or disrupt your operation – they are out to make money. They do this by stealing your data and holding it hostage, deploying crypto malware to lock all your systems, or threatening to release information that damages your public image. And we are seeing employee email as a popular target.
Imagine the number of email threads between your vendors, partners, peers and customers. Most contain some kind of unique information that an attacker can use as leverage. While some of this information is sent using encryption, not everything is guaranteed to be private.
The setup
Take as an example communicating with a customer through their personal email account (which probably lacks a strong password or multifactor authentication). This platform is a perfect target for the attacker. If they can compromise the personal email account and read its contents, they will have access to all previous communications, information and threads. They can even sit in the account for months and gather reconnaissance on potential targets. Perhaps the attacker finds a thread with a law firm, healthcare organization or government agency and uses this historical information to launch a larger phishing campaign, not against the single user but against the more lucrative business targets. Then they attack.
The attack
The attack involves resurrecting an older thread and crafting a fake reply with a new link or attachment, in hopes of furthering access by stealing more credentials, exfiltrating data via malware, or installing cryptoware that locks all devices and usually requires a very expensive decryption key, which the attacker will be happy to sell you. The attacker also exploits human curiosity by deploying social engineering techniques like these:
- A message about losing something.
- A message about being fired.
- A message indicating the email is time sensitive.
These help the attacker get more clicks, and more clicks lead to more potential victims and a bigger payout.
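The indicators described above (a reply to a thread that has been idle for months, from a mailbox that was never part of it, carrying a new link or attachment and urgency wording) can be checked mechanically before a message reaches the user. The following is an added example, not Entec's own tooling: it assumes a mail archive keyed by Message-ID (stood in for by a constructed dictionary), a 90-day staleness threshold, and two constructed sample replies, one hijacked and one benign.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime
from datetime import timedelta

# Constructed stand-in for the mail archive: the legitimate thread, keyed by Message-ID.
KNOWN_MESSAGES = {
    "<orig-1@vendor.example>": {
        "date": parsedate_to_datetime("Mon, 06 Mar 2023 09:12:00 +0000"),
        "participants": {"alice@vendor.example", "bob@customer.example"},
    },
}
URGENCY_WORDS = ("time sensitive", "urgent", "immediately", "terminated", "fired")
STALE_AFTER = timedelta(days=90)  # assumption: a thread idle this long rarely wakes up honestly

def build_sample_reply(hijacked: bool) -> bytes:
    """Constructed samples: a hijacked reply (new mailbox, months later, link, attachment, urgency) or a benign one."""
    m = EmailMessage()
    m["To"], m["Subject"], m["In-Reply-To"] = "alice@vendor.example", "RE: Contract renewal", "<orig-1@vendor.example>"
    if hijacked:
        m["From"], m["Date"] = "Bob <bob@bob-personal.example>", "Tue, 12 Sep 2023 14:02:00 +0000"
        m.set_content("Alice, this is time sensitive, please review https://example.invalid/doc")
        m.add_attachment(b"%PDF-1.4 fake", maintype="application", subtype="pdf", filename="invoice.pdf")
    else:
        m["From"], m["Date"] = "Bob <bob@customer.example>", "Tue, 07 Mar 2023 10:00:00 +0000"
        m.set_content("Thanks Alice, the revised terms look fine to me.")
    return m.as_bytes()

def analyze_reply(raw: bytes) -> dict:
    """Collect thread-hijacking indicators for one reply; three or more marks it suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    parent = KNOWN_MESSAGES.get(str(msg.get("In-Reply-To", "")).strip())
    indicators = []
    if parent is None:
        indicators.append("unknown_parent")  # replies to a message we never sent or stored
    else:
        if parsedate_to_datetime(str(msg["Date"])) - parent["date"] > STALE_AFTER:
            indicators.append("stale_thread")  # the "resurrected" old thread
        if sender not in parent["participants"]:
            indicators.append("new_sender")  # same display name, different mailbox
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    checks = [("link", "http://" in text or "https://" in text),
              ("attachment", any(p.get_filename() for p in msg.iter_attachments())),
              ("urgency", any(w in text for w in URGENCY_WORDS))]
    indicators += [name for name, hit in checks if hit]
    return {"sender": sender, "indicators": indicators, "suspicious": len(indicators) >= 3}
```

A flagged reply is a candidate for quarantine or a warning banner rather than an automatic block, since a genuine contact can also revive an old thread from a new address.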
The attacker is in; what happens next?
Once the attacker has exfiltrated data or locked systems, they will typically reach out via email and give a short timeline to respond and meet the demands. They will also threaten to harass you or leak data if you ignore the ransom or contact law enforcement – typical criminal behavior. The business will then have to determine the credibility of the attacker, assess the damage to the brand and react appropriately.
How do I prevent my company from being attacked?
You can deploy all the technical tools – spam filters, firewalls and endpoint protection – and still have an incident because a user clicked a link and let the attacker in. So, multiple layers of protection are required.
Companies must also take the time to train users and educate them on what these attacks look like and what to watch for. Phishing training should be mandatory and conducted often for ALL employees. Some companies even offer rewards to employees for reporting phishing emails, which helps engage employees in preventing these attacks. You can also call us! With years of experience protecting our clients and putting successful safety measures in place, Entec is well-equipped to jump in and support your company no matter where you are in your cybersecurity journey.
Lastly, something we tell all our customers: cybersecurity and cyber safety are here to stay. So, adopting a culture that respects and supports these measures should start with the leadership team and spread across your entire enterprise. It is not just your IT department that should be concerned with this. Potential damage to image, loss of productivity and financial impact are very real and need to be understood by everyone in the organization.