How cyber phishing has evolved
Authored by NMU
As we once again enter Cyber Security Month, which is celebrating its 10th anniversary this year, it’s high time that we sat down and took stock of the key cyber risks and attack methods that brokers and their clients should be aware of. The themes for this year’s #CyberSecMonth, phishing and ransomware, should be familiar to most of you, but this month we’ll be exploring both in greater detail: in particular, how these attack methods have evolved to expose new cyber vulnerabilities.
We’ll start by taking a closer look at phishing, and the variety of new techniques that fraudsters have been utilising to target individuals and businesses online. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails or directing victims to fraudulent websites to obtain logins or other sensitive information.
MPI phishing
A hacking group has developed a new, elaborate email phishing technique which utilises multiple personas and email accounts to create a convincing email chain of activity.
It starts with scammers sending an email to their target whilst CC’ing another email account which they also control. The scammer then responds from this second account, engaging in a fake back-and-forth conversation to lure the target into downloading a malicious payload. This new technique has been labelled ‘multi-persona impersonation’ (MPI) by researchers at Proofpoint.
This technique has been used in a number of recent attacks targeting scientific and academic organisations. In these instances, targets were tricked into downloading from malicious OneDrive links; once downloaded, the payload would gather key information from the device and send it to the hackers.
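One way a mail-security team could flag the thread shape described above, shown as an added example that is not code from NMU or Proofpoint. The heuristic itself, the `INTERNAL_DOMAIN` and `KNOWN_CONTACTS` values and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.org"        # assumption: the defender's own mail domain
KNOWN_CONTACTS = {"partner@known.test"}  # assumption: externals with prior history

# Constructed sample thread (not real traffic): the opener CCs a second
# persona, which then replies to the target in the same thread.
RAW_THREAD = [
    "Message-ID: <1@mail.test>\nFrom: dr.a@persona-one.test\n"
    "To: victim@example.org\nCc: prof.b@persona-two.test\n\nPlease review.",
    "Message-ID: <2@mail.test>\nIn-Reply-To: <1@mail.test>\n"
    "From: prof.b@persona-two.test\nTo: victim@example.org\n\nAgreed, see the link.",
]

def addrs(msg, *headers):
    """Lower-cased addresses found in the given headers of one message."""
    values = []
    for header in headers:
        values.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def is_unknown_external(addr):
    """True for an address outside our domain with no prior history."""
    return not addr.endswith("@" + INTERNAL_DOMAIN) and addr not in KNOWN_CONTACTS

def find_mpi_pattern(raw_messages):
    """Return (opener, cc_persona) pairs where an unknown external sender CC'd
    another unknown external address that then replied to that message."""
    msgs = [message_from_string(raw) for raw in raw_messages]
    by_id = {m["Message-ID"]: m for m in msgs}
    hits = []
    for m in msgs:
        parent = by_id.get((m.get("In-Reply-To") or "").strip())
        if parent is None:
            continue
        cced = addrs(parent, "Cc")
        for replier in sorted(addrs(m, "From") & cced):
            for opener in sorted(addrs(parent, "From")):
                if opener != replier and is_unknown_external(opener) and is_unknown_external(replier):
                    hits.append((opener, replier))
    return hits
```

A hit is a prompt for closer review of the thread, since genuine new contacts also CC colleagues who reply.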
In-browser phishing
When we think of phishing, we may typically think of convincingly fake Apple emails, or texts from the Royal Mail, but the reality is that phishing attacks are increasingly branching out to less conspicuous forms of communication. A recent attack targeting the online video game platform Steam and its users utilised a sophisticated browser-in-the-browser technique to trick pro gamers into handing over their account details.
The attack began with a direct message on social media inviting the user to join a gaming tournament, with the sender including a link to a fake e-sports company. Once users requested to sign up for the tournament, they received an almost indistinguishable Steam login pop-up window. After they entered their Steam credentials, a form of multi-factor authentication would appear, only further adding to the scam’s authenticity.
Once the account details had been stolen, the scammers proceeded to sell these on, with some high-profile accounts selling for hundreds of thousands online. Attacks like this highlight how convincing phishing scams are becoming. With scammers utilising both social media and fake in-browser login windows, it’s only a matter of time before we see these techniques being used against businesses.
Hiding behind the cloud
Scammers have recently found a backdoor into cloud services, allowing them to slip phishing emails past Amazon Web Services’ (AWS) automated scanners. For those who may not be familiar with the platform, it’s highly likely you’ve already used it in some way, shape or form, as AWS currently holds 41.5% of the cloud computing market share, making it the world’s largest provider.
The origins of this attack stem from hackers realising that people can use an AWS service to build and host web pages via WordPress or custom code. From here, the hackers can send phishing emails stamped with the AWS name into corporate email systems, bypassing scanners which would typically block them.
A recent report by researchers at Avanan highlighted how common these large-scale phishing attacks have become, often piggybacking off well-known brand names to ensure that messages land in their targets’ inboxes. AWS, which is the largest public cloud player, makes a perfect vehicle for scammers, as the service is so widely used that blocking its emails is unthinkable.
As using the cloud becomes increasingly common and more cloud services pop up, this will only open up more opportunities for cyber criminals and allow them to more easily slip phishing emails into our inboxes.
Cyber insurance isn’t just for large organisations
It’s clear that these new techniques, combined with developing technologies, present a new frontier for cyber criminals looking to target their victims. While it’s not uncommon for many to believe that only large companies are at risk of a cyber-attack, the reality is that in today’s landscape, any business can be targeted. Fortunately, our CyberSafe solution can help protect businesses of all shapes and sizes. Our product provides businesses with a simple, robust solution for cyber liabilities and cybercrime, and includes restorative support.
As always, the strongest and weakest link in a business’ armoury is human error, and Social Engineering Fraud is still the most frequent in terms of claims volume. Take the time to train and educate your workforce on the signs and how they can individually play a role in preventing a cyber breach from happening, for example by not forgetting to verbally double check bank details for payment requests.
Contact us
For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team