Category: Phishing

Beware “Phishy” Emails

Jun 18, 2020 by Sam Taylor

By Wassef Masri

When the accounting manager at a major retail US company received an email from HR regarding harassment training, he trustingly clicked on the link. Had he looked closer, he could’ve caught that the source was only a look-alike address. Consequently, he was spear-phished.

The hackers emailed all company clients and informed them of a banking account change. The emails were then deleted from the “sent” folder. By the time the scam was discovered a month later, $5.1 Million were stolen.

As in the previous crisis of 2008, cyber-crime is on the rise. This time however, hackers are higher in numbers and more refined in techniques. Notably, the emergence of malware-as-a-service offerings on the dark web is giving rise to a class of non-technical hackers who are better at marketing and social engineering skills.

Phishing emails are the most common attack vector and are often the first stage of a multi-stage attack. Most organizations today experience at least one attack a month.

What started as “simple” phishing that fakes banking emails has evolved into three types of attacks that increase in sophistication:

  • Mass phishing: Starts with a general address (e.g. “Dear customer”) and impersonates a known brand to steal personal information such as credit card credentials.
  • Spear phishing: More customized than mass phishing and addresses the target by his/her name, also through spoofed emails and sites.

  • Business Email Compromise (BEC): Aka CEO fraud, is more advanced because it is sent from compromised email accounts, making them harder to uncover. They mostly target company funds.

How to Protect Against Phishing?

While there is no magical solution, best practices are multi-level combining advanced technologies with user education:

1. User awareness: Frequent testing campaigns and training.

2. Configuration of email system to highlight emails that originate from outside of the organization

3. Secure email gateway that blocks malicious emails or URL’s. It includes:

  • Anti-spam
  • IP reputation filtering
  • Sender authentication
  • Sandboxing
  • Malicious URL blocking

4. Endpoint security: The last line of defense; if the user does click a malicious link or attachment, a good endpoint solution has:

  • Deep learning: blocks new unknown threats
  • Anti-exploit: stops attackers from exploiting software vulnerabilities
  • Anti-ransomware: stops unauthorized encryption of company resources

It is not easy to justify extra spending especially with the decrease in IT budgets projected for 2020. It is essential however to have a clear strategy to prioritize action and to involve organization leadership in mitigating the pending threats.

Leave a comment or send an email to wmasri@crossrealms.com for any questions you might have!

THERE IS SOMETHING “PHISHY” ABOUT SPEAR PHISHING.

Jul 11, 2019 by Sam Taylor
Spear Phishing is known for making more calculated attacks, focusing on a smaller number of targets.

We all know about email phishing, it’s relatively easy to spot. When the prince of Nigeria emails asking for help, we know not respond with our banking info, but when your I.T. provider “emails” with a link to click to login, this might be a little harder to recognize as an attack. Spear phishing is the next worst version of plain old phishing.

Spear phishing is a relatively cheap and effective way to gain access to someone’s personal information or computer system. With a little research and an email address, a hacker can pose as a trusted source. Posing as this official source, hackers can access aia a spoofed login link or an attachment.

This type of phishing has increased by 65% since last year, meaning your inbox may soon receive an email you weren’t expecting. Here are a few examples of what a spear phishing attack may look like:

The Executive

Emails from higher-ups are always more likely to receive special attention, something hackers realize too. An American steel company was targeted with an email from the board of directors, which prompted employees to click a link. This link allowed for hackers to gain access to employee’s email database and all attachments.

Protect yourself from dubious links by double checking with the person who initiated the email. It is unlikely that there will be a login link attached in an email, but always double-check.

The Job Candidate

With team expansions come new hires, but not all job applicants are alike. This “potential” hire will typically send a short intro summary and an attachment of their resume, which is what holds this compromising malware.  

Protect yourself from malicious attachments by having an intermediary defense system, like a web portal or file uploader to scan all attachments to verify a word document.  

The IT Note

Who hasn’t run into IT troubles? When an email pops up from your provider, it doesn’t signal any red flags, but they link they provide might be anything but helpful.  

Protect yourself from these malicious links by remaining vigilant online and refraining from providing personal information online.

Remaining Vigilant Online

There are many ways for a hacker to investigate a user’s personal interests, such as through their social media. With simple research, a personally crafted attack could be sent to an unexpecting inbox. Don’t be the one to fall for the attack:

 

  1. Remain very vigilant online
  2. Double check with the sender
  3. Have an intermediary defense system
  4. Avoid links that direct to a login page
  5. Keep up to date with cyber attacks

APPLE USERS ARE LEFT EXPOSED TO A NEW PHISHING ATTACK

Jul 11, 2019 by Sam Taylor

This new phishing attack has gained a level of sophistication that will trick even a trained user. An unpatched URL vulnerability allows a hacker to imitate a website address and then acquire information through a fake login portal.

The URL vulnerability was discovered by Rafay Baloch, a security researcher based in Pakistan. Microsoft Edge by Windows and Apple Safari by iOS are the two major browsers affected. While Microsoft has created a patch for the spoof URLs in the previous month– meaning Google Chrome and Mozilla Fox users are in the clear.

Baloch discovered that this vulnerability (CVE-2018-8383) as a result of a race type condition issue: a web browser will allow JavaScript to change the web address in the URL bar while a page is loading.

Here’s how this phishing attack works: hackers are able to load an authentic webpage, allowing for the proper web address to display in the URL bar, and then quickly swap in a more sinister code. Users are then led to what appears to be a legitimate login screen, where usernames and passwords are then captured. This can easily deceive a vigilant user, as the web address doesn’t appear to change drastically.

Any website can be recreated by a hacker with this URL loophole, including Gmail, Facebook, Twitter, and even a large number of banking websites.  

Baloch produced a proof-of-concept (PoC) page where he exposed the URL vulnerability on both Microsoft Edge and Safari. Both web pages granted JavaScript access to change the web address in the URL bar while the page was still loading.  

Ultimately, it’s best to double-check web addresses, but to also keep an eye on the latest phishing attacks.

To read more about technical details about the phishing attack, read Baloch’s blog.