Business email compromise or impersonation attacks overall rose during the second quarter of 2019 by 25 percent with some types of attacks becoming more common and better executed.During this period FireEye
has noted attackers are increasingly impersonating executives and attempting to
involve a company’s supply chain vendors as part of the attack to make it
appear as if the malicious email is a legitimate request. These tactics have
been honed to a point where they are easily convincing employees to take the
bait.Some of the steps being
taken have been used in the past, such as spoofing the return address, but
FireEye found the attackers are doing more research on their victim to better
tailor the attack.Source: FireEye
This includes creating a
greeting aimed at a specific recipient at the targeted company and using a doctored
version of a real company invoice that is then attached to the email. To place
more pressure on the employee the email is marked urgent and to cap it off the
signature, purportedly from the company exec, is added that includes name,
phone number, email and address all of which are real.Despite the increased
believability being built into these scams, there are methods making them
detectable. Worker education remains the first line of defense with employees
being taught to double check with the person supposedly asking for the payment
before completing the transaction. Implementing social graph impersonation
filtering and improved identification of suspicious email activity can also be
used with a high level of success.
Cybernews reports that BreachForums had its planned revival last week purportedly hindered by a zero-day intrusion against the outdated MyBB forum software used by the BreachForums[.]st site then owned by "Anastasia."
Safe-seeming cloud services like Google Drive and Trello have everything attackers need to remotely control infected hosts, and most defenders have no idea.
