NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

Bad Guys Are Bypassing Phishing Attacks To Get Into Your Email. Are You Prepared?

Remember that old proverb, “teach a man to fish”? We had been thinking phishing worked the same way for many cybercriminals: once they learned how to phish users effectively, they’d have enough phished users, and a good enough pay day, to be set for life.

My thoughts on this have changed…

A new slew of email attacks doesn’t even depend on you clicking a link! What cybersecurity experts are finding is that email archives are a new and effective way for a criminal to get into your inbox without you doing anything at all.

Just to underscore the importance of email in cyberattacks: according to the FBI, compromised email accounts have caused $12 billion in damages to date. That means social engineering, email spoofing and account takeovers have cost our businesses a ton of money in the past couple of years.

The typical ways hackers get into your email:

Social engineering and email spoofing: attackers use social engineering to figure out who the key people and key relationships in your organization are. They then send fake requests for information or funds transfers, exploiting the relationships they’ve inferred from social media posts and connections. Many of the recent social engineering emails are quite convincing, as the attacker goes to great lengths to make their scam emails undetectable. At first glance, these emails seem legit (many users won’t think twice about following through with requests, even big requests for cash or information).

Account takeover: attackers typically use malware containing keyloggers to hijack and gain access to your corporate email account, whereby they make fraudulent requests to colleagues, exploit other mailboxes, or even redirect and edit legitimate requests made by you and your colleagues. It often takes time to realize account takeovers are happening and by the time you realize something is up, whoever has taken over your account has profited immensely.

But now they’re doing even more!

Both of these techniques have served attackers well for quite some time. But now we’re starting to see faster avenues hackers are taking to get through.

In fact, compromised credentials are being offered on criminal forums on the Dark Web. Other cybercriminals are selling your users’ already compromised data. This is an area where hackers are profiting more easily than ever.

Making Sure I’m Clear Here

Hackers are using email inboxes at an alarming rate, and not just to request wire transfers. They are stealing financially sensitive information within your account to request information from other employees. They use passwords bought on the web to get onto your network and then, once they have compromised an email account, start exploiting the rest of your team.

Here are the details on how hackers are gaining access WITHOUT phishing your users:

Paying for access—it’s not uncommon for account access to be shared and sold across criminal forums, especially for emails of financial departments and for CEOs/CFOs. Criminals that have successfully penetrated networks are commonly outsourcing the job of finding passwords for key people for as low as $150.

Getting lucky with compromised credentials—many credentials for social media and other compromised sites are simply posted on the Dark Web (some data sets now go for pennies). Hackers are using these lists of passwords to log into email and other accounts on your network. They figure it’s cheap to do, and 20% of users still use the same passwords (or close derivatives) for everything. They’re not simply getting lucky here.

Searching for misconfigured archives—inboxes, particularly for CEOs and CFOs, are full of sensitive information. This information can be used for fraud or resold in nefarious marketplaces. What’s concerning is that employees and contractors are trying to find easy—rather than secure—ways of archiving their emails. We’ve found more than 12 MILLION email archive files that contain the words “invoice”, “payment”, or “purchase order” that have been exposed in unauthenticated or misconfigured stores of information.
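A defender's view of the compromised-credentials item above, as an added example that is not from the original article: the sketch flags source IPs that try many different mailboxes and mostly fail, and lists any accounts that did log in from them. The log format, thresholds, IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample mail-login events: "timestamp src_ip user result".
# Format, IPs (documentation ranges) and usernames are assumptions.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 203.0.113.7 ceo@example.com FAIL
2024-05-01T09:00:02Z 203.0.113.7 cfo@example.com FAIL
2024-05-01T09:00:03Z 203.0.113.7 ap@example.com FAIL
2024-05-01T09:00:04Z 203.0.113.7 payroll@example.com OK
2024-05-01T09:00:05Z 203.0.113.7 hr@example.com FAIL
2024-05-01T09:05:00Z 198.51.100.20 ceo@example.com FAIL
2024-05-01T09:05:09Z 198.51.100.20 ceo@example.com OK
"""

def parse(log_text):
    """Yield (ip, user, ok) for each well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def find_credential_stuffing(log_text, min_accounts=4, min_fail_ratio=0.5):
    """Return {ip: [accounts that logged in successfully]} for suspicious IPs.

    An IP is suspicious when it tries at least min_accounts distinct
    mailboxes and at least min_fail_ratio of its attempts fail, which is
    the pattern left by replaying a purchased or leaked password list.
    """
    stats = defaultdict(lambda: {"users": set(), "fails": 0, "total": 0,
                                 "hits": set()})
    for ip, user, ok in parse(log_text):
        s = stats[ip]
        s["users"].add(user)
        s["total"] += 1
        if ok:
            s["hits"].add(user)   # a reused password worked for this account
        else:
            s["fails"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["fails"] / s["total"]
        if len(s["users"]) >= min_accounts and ratio >= min_fail_ratio:
            flagged[ip] = sorted(s["hits"])
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: reset passwords and review mail rules for {accounts}")
```

The single user who mistypes a password once and then succeeds is not flagged, because only one mailbox was tried from that address.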

Regardless of how they get in, whether by brute force entry (banging on your front door) or another route, your data is a growing target for criminals looking for big pay days (they are motivated to get their hands on it!).
Concerned that your security isn’t cutting it? Contact us TODAY for a free ransomware vulnerability assessment!
