EDITOR ’ S QUESTION
WHAT PROCEDURES SHOULD COMPANIES HAVE IN PLACE TO MINIMISE PHISHING ATTACKS ?
/////////////////////////////////////////////////////////////////////////////////////////////////////////
Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails designed to make money for cybercriminals . The emails are disguised as legitimate procurement and accounting letters and have hit at least 400 industrial organisations . The series of attacks started last autumn and targeted several hundred company PCs in industries ranging from oil and gas , to metallurgy , energy , construction and logistics .
In the detected wave the criminals not only attacked industrial companies together with other organisations , they were predominantly focused on them . They sent out emails containing malicious attachments and tried to lure unsuspecting victims into giving away confidential data , which they could then use to make money .
According to Kaspersky Lab ’ s data , this wave of emails targeted around 800 employee PCs , with the goal of stealing money and confidential data from the organisations , which can then be used in new attacks . The emails were disguised as legitimate procurement and accounting letters , containing content that corresponded to the profile of the attacked organisations and considered the identity of the employee – the recipient of the letter . It is noteworthy that the attackers even addressed the targeted victims by name . This suggests that the attacks were carefully prepared and that criminals took the time to develop an individual letter for each user .
When the recipient clicked on the malicious attachments , modified legitimate software was discreetly installed on the computer so that criminals could connect to it , examine documents and software related to the procurement , financial and accounting operations . Furthermore , the attackers were looking for different ways to commit financial fraud , such as changing requisites in payment bills to withdraw money for their benefit .
Moreover , whenever criminals needed additional data or capabilities , such as obtaining local administrator rights or stealing user authentication data and Windows accounts to spread within the enterprise network , the attackers uploaded additional sets of malware , prepared individually for an attack on each victim .
This included spyware , additional remote administration tools that extend the control of attackers on infected systems and malware to exploit vulnerabilities in the operating system , as well as the Mimikatz tool that allows users to obtain data from Windows accounts .
Meanwhile , Mimecast has released its second annual State of Email Security report that identifies the latest email-borne threats facing organisations of all sizes and industries globally .
More than 50 % of organisations reported seeing the volume of phishing attacks increase over the last 12 months , while 40 % said they saw the volume of impersonation attacks rise . Making cybersecurity a priority should start from the top , yet this isn ’ t always the case ; 20 % of respondents said their C-level executive sent sensitive data in response to a phishing attack and 49 % admitted that their management and finance teams aren ’ t knowledgeable enough to identify and stop an impersonation attempt .
“ Email-based attacks are constantly evolving and this research demonstrates the need for organisations to adopt a cyber resilience strategy that goes beyond a defence-only approach ,” said Peter Bauer , Chief Executive Officer of Mimecast .
“ This is more than just an IT problem . It requires an organisation-wide effort that brings together many stakeholders , puts the right security solutions in place and empowers employees – from the C-suite to the reception desk – to be the last line of defence .”
28 INTELLIGENTCIO www . intelligentcio . com