Phishing Campaigns

Email continues to be the primary communication channel for businesses so it is not surprising that the most popular delivery method for cyber threats is via phishing emails. The next most popular delivery method for cyber threats is via malicious websites/URLs. Opportunistic phishing emails aim to trick a recipient into clicking on a malicious link or attachment and the malware is downloaded and executes on the end point into the network. The malware can then establish a backdoor to the Command and Control server, obtain escalated user privileges and then move laterally throughout the network to target the data. Typical examples of phishing emails include delivery emails related to parcels, invoice payments or utility bills, and when an end user clicks on the link or attachment it delivers malware to the end user’s device.

Spear phishing emails target a specific person within a company, and emails that target senior executives are sometimes called ‘whaling’. Whaling or spear phishing emails are typically well researched using both social media and publicly available company information like annual reports and shareholder updates. They will appear legitimate and to be from trusted contacts in the user’s social network, which makes them much harder to detect compared to other opportunistic phishing emails. Typically the objective is to obtain sensitive data that may include customer’s personal information, intellectual property (e.g. design blueprints and source code), commercially sensitive information like financial results, investments, merger and acquisition information, corporate roadmaps and strategic information to block access to a system or data files for financial gain through the delivery of ransomware.

According to a survey in 2016, approximately one-third of both Asian and Australian businesses experienced a phishing email incident which impacted their business on at least a monthly basis. 21 per cent of respondents in Asia said that it took five hours or more to recover from these incidents compared to 13 per cent of respondents in Australia who said that it took five hours or more to recover from phishing email incidents.

As social engineering attempts by cyber attackers continue to improve and become more sophisticated, organisations should work on driving more cyber security awareness training for their staff and implement social media and email handing policies within the organisation. Mitigating the risks associated with staff and contractors using email or social media cannot be underestimated where private and sensitive company information may be exposed due to malware infections or shared inappropriately.

Inbound Email Threats

Firstwave Cloud Technology delivers Telstra’s Internet Protection – Email and Web Content Security for government departments, enterprises and businesses in Australia. In 2016, Firstwave scanned over 500 million inbound and outbound emails across Australian customers’ mail servers.

Email content security provides a multi-layered approach to protecting organisations against spam and malware. In 2016, Firstwave identified almost 47 million inbound threats across inbound emails, representing a range of threats including profanities, offensive materials, PCI security standards breaches, spam and malware. In 2016, Firstwave rejected 35 million emails at the “reputation” layer and then captured 12 million emails at the advanced second level of defense preventing these threatening emails from reaching the recipient. The number of emails captured at the advanced second level of defense has reduced by 13 per cent in 2016 compared with 2015.

Firstwave also detects scans potentially infected zip files, which is a common method used to evade detection by cyber criminals. This system generally captures between 30,000 and 45,000 potentially dangerous emails each month.

Business Email Compromise

Business Email Compromise (BEC), as defined by the FBI, is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorised transfers of funds. Formally known as Man-in-the-Email scams, these schemes typically compromise official business email accounts, by using spear-phishing emails, and key logger malware, to then conduct unauthorised fund transfers. This type of scam has not been widely publicised but is growing in popularity due to the lucrative nature of this scam. According to the FBT, the BEC scam attempts have hit US $3 billion in June 2016, and the FBI has recorded a 1,300 per cent increase since January 2015. This includes BEC reports by US and foreign victims from a number of sources including complaints filed with the FBI, international law enforcement agencies and financial institutions. The results of the survey found 30 per cent of these businesses in Australia experienced a BEC on at least a monthly basis and 20 per cent of these businesses took five hours or more to recover from these incidents. The results were similar in Asia with 30 per cent of respondents who experienced a BEC on at least a monthly basis. 18 per cent of these businesses took five hours or more to recover from these incidents.