(August 28, 2023) When the notorious thief Willie Sutton was asked why he robbed banks, he reportedly replied: “That’s where the money is.” Hackers have a similarly simple motivation for targeting senior executives and other key managers. They have the best data.
Researchers with Proofpoint have observed an alarming surge in cloud account takeover attacks targeting high-level executives at some of the world’s largest enterprises. The attackers are using a Phishing-as-a-Service tool called EvilProxy to steal credentials. The tool sits as a reverse proxy between the victim and the genuine login page, relaying the real sign-in flow while capturing what the victim enters, so it steals credentials even when the account is protected by multifactor authentication (MFA). At least 35 percent of the compromised accounts had MFA enabled.
Phishing campaigns that target executives are known as “whaling” attacks. Unlike traditional phishing scams that cast a wide net with the mass distribution of fake emails, whaling attacks aim at the big fish with broad access to the company’s systems and sensitive data.
Why Whaling Attacks?
Whaling attacks tend to be highly personalized and more carefully crafted, with none of the spelling and grammar mistakes common in generic phishing scams. Whaling emails typically use corporate logos, names, job titles, phone numbers, and other details that make the communications look as legitimate as possible. This makes it more likely that an executive will take the bait.
Executives are not merely attractive targets — too often, they are remarkably easy targets. Because they engage with such a broad range of business partners, associates, suppliers, and contacts, they don’t want to be restrained by digital limitations. They often sidestep good security practices in the name of convenience.
For instance, CEOs are often on the move and wish to remain connected in airports, hotels, or restaurants. However, using public Wi-Fi hotspots to make those connections can expose a wealth of sensitive information, including usernames and passwords.
Start with Education
Many successful attacks exploit the fact that employees don’t generally question a directive from the executive suite. In several cases, hackers spoofed the CEO’s email to trick someone in payroll into forwarding the W-2 forms of all employees. Security experts have also reported a sharp increase in business email compromise attacks in which a spoofed email message directs an employee to transfer funds to a fake account. If hackers gain control of an executive’s account, they can send these emails from within the organization!
Education plays an important role in thwarting phishing and whaling attacks. The right security awareness training program helps create a “human firewall” that serves as a first line of defense.
Although there may be some initial pushback from the C-suite, IT should administer hands-on training exercises to teach execs how to follow strict data protection standards. Employees must also be encouraged to verify unusual or suspicious email requests by phone or in person.
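One way to back up the “verify by phone” rule with an automated check is to flag inbound mail that borrows an executive’s display name from an outside domain, or whose Reply-To quietly points somewhere other than the sender. The following is an added example, not code from the original post or from any vendor named in it; the corporate domain, executive names, and sample messages are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed for this example: the organisation's own mail domain and the
# executives whose names a whaling or BEC message is most likely to borrow.
CORP_DOMAIN = "example.com"
EXEC_NAMES = {"jane doe", "john smith"}


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def flag_exec_impersonation(raw_message: str) -> list[str]:
    """Return the reasons a message looks like executive impersonation.

    An empty list means no finding. Two signals are checked:
    1. the From display name matches a known executive but the address
       is not on the corporate domain (lookalike or free-mail sender);
    2. the Reply-To domain differs from the From domain, so replies
       (and any W-2s or wire details) would go to a third party.
    """
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    if name.strip().lower() in EXEC_NAMES and _domain(addr) != CORP_DOMAIN:
        reasons.append(
            f"display name '{name}' matches an executive but sender domain is '{_domain(addr)}'"
        )
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        reasons.append(
            f"Reply-To domain '{_domain(reply_to)}' differs from From domain '{_domain(addr)}'"
        )
    return reasons


# Constructed sample: a digit-for-letter lookalike domain plus a redirected Reply-To.
SAMPLE_SPOOF = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.office@mail-relay.test>
To: payroll@example.com
Subject: W-2 forms needed today

Please send me the W-2s for all employees before noon.
"""

# Constructed sample: the same request from the executive's real mailbox.
SAMPLE_LEGIT = """From: Jane Doe <jane.doe@example.com>
To: payroll@example.com
Subject: Quarterly headcount

Can you send me the current headcount by region?
"""
```

Note that this header check finds nothing once an attacker controls the executive’s real mailbox, which is exactly the case the article describes; that is why the out-of-band verification step above still applies to every unusual request.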
Comprehensive Approach
Of course, education is only part of the solution. IT must also secure the infrastructure to prevent potential exploits. It is imperative that operating systems, browsers, plugins, antivirus, and email filtering solutions are up to date, and that all software is properly patched.
It’s also important to review all security policies and preventive procedures regularly. Because email is the chief mechanism for phishing and whaling scams, establish policies for regularly updating passwords, with requirements that make them hard to crack. Make sure the help desk and IT staff require verification before giving out forgotten passwords. Periodically review network access and authentication policies to prevent unauthorized access.
A periodic security risk assessment from a reputable managed services provider (MSP) can be invaluable for locating potential vulnerabilities and providing recommendations. Mainstream’s experts can identify any gaps in your security practices, and develop an end-to-end strategy. Let our team of professionals help you shore up your defenses and implement policies based on industry best practices.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.
Jeff Pracht
IT Business Development Manager