Intelligent CIO Africa Issue 20 | Page 28

EDITOR'S QUESTION

WHAT PROCEDURES SHOULD COMPANIES HAVE IN PLACE TO MINIMISE PHISHING ATTACKS?


Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails designed to make money for cybercriminals. The emails are disguised as legitimate procurement and accounting letters and have hit at least 400 industrial organisations. The series of attacks started last autumn and targeted several hundred company PCs in industries ranging from oil and gas, to metallurgy, energy, construction and logistics.

In the detected wave, the criminals not only attacked industrial companies alongside other organisations but were predominantly focused on them. They sent out emails containing malicious attachments and tried to lure unsuspecting victims into giving away confidential data, which they could then use to make money.
According to Kaspersky Lab's data, this wave of emails targeted around 800 employee PCs, with the goal of stealing money and confidential data from the organisations, which can then be used in new attacks. The emails were disguised as legitimate procurement and accounting letters, with content that corresponded to the profile of the attacked organisation and took into account the identity of the employee receiving the letter. It is noteworthy that the attackers even addressed the targeted victims by name. This suggests that the attacks were carefully prepared and that the criminals took the time to develop an individual letter for each user.
When the recipient opened the malicious attachment, modified legitimate software was discreetly installed on the computer so that the criminals could connect to it and examine documents and software related to procurement, financial and accounting operations. The attackers also looked for different ways to commit financial fraud, such as changing the bank requisites in payment invoices so that the money was diverted to them.
Moreover, whenever the criminals needed additional data or capabilities, such as obtaining local administrator rights or stealing user authentication data and Windows accounts in order to spread within the enterprise network, they uploaded additional sets of malware, prepared individually for the attack on each victim.
This included spyware, additional remote administration tools that extend the attackers' control over infected systems, malware that exploits vulnerabilities in the operating system, and the Mimikatz tool, which allows an attacker to obtain account data from Windows.
Meanwhile, Mimecast has released its second annual State of Email Security report that identifies the latest email-borne threats facing organisations of all sizes and industries globally.
More than 50% of organisations reported seeing the volume of phishing attacks increase over the last 12 months, while 40% said they saw the volume of impersonation attacks rise. Making cybersecurity a priority should start from the top, yet this isn't always the case; 20% of respondents said their C-level executive sent sensitive data in response to a phishing attack and 49% admitted that their management and finance teams aren't knowledgeable enough to identify and stop an impersonation attempt.
“Email-based attacks are constantly evolving and this research demonstrates the need for organisations to adopt a cyber resilience strategy that goes beyond a defence-only approach,” said Peter Bauer, Chief Executive Officer of Mimecast.
“This is more than just an IT problem. It requires an organisation-wide effort that brings together many stakeholders, puts the right security solutions in place and empowers employees – from the C-suite to the reception desk – to be the last line of defence.”
28 INTELLIGENTCIO www.intelligentcio.com