Whaling. Anatomy of an attack.
Protecting your organisation from CEO email scams.
It’s no secret that social engineering attacks, including phishing, spear-phishing and
whaling, have grown from a nuisance to a colossal problem. A growing list of companies
have been hit by these methods — sometimes to the tune of millions of dollars in data or
financial losses.
THE FIVE PHASES OF A WHALING ASSAULT

1. In the crosshairs
Cyber thieves frequently rely on social media sites, such as LinkedIn™, to gather details about a high-level executive to impersonate, along with a lower-level target. The target is typically a controller or human resources executive with the authority to request a financial transaction or send data without additional approvals.

82% of South African organisations have seen whaling attacks (impersonation of their CEO or other executives) asking for money, sensitive information, intellectual property or login credentials.1

2. The domain game
Crooks register a domain that appears similar to the actual domain for a company. For instance, testcompany becomes “testconpany” or “testcornpany.” This creates potential confusion. The busy target may not notice the fake domain.

80% of SA organisations have witnessed impersonation fraud in which the attacker registered similar domains using Punycode or other similar looking letters and characters for the sending domain.2

3. Gone phishing
The recipient receives an email message with his or her name on it, as well as other details that make it look authentic. This includes relevant details about the impersonated executive and, likely, a specific business initiative.

72% of whaling attackers pretended to be the CEO, while 36% were attributed to the CFO.3

4. Victim’s assistance
To the target, the email looks authentic - and prompts for the specific action or transaction leading to a loss. The request usually has a sense of urgency and it may request that the individual bypass normal procedures.

26% of organisations had experienced loss of confidential data because of an email-based impersonation attack in the past 12 months.4

5. On the money
In most cases, cyber thieves impersonating a high-level executive request a wire transfer or for the recipient to send tax data containing personal employee information, such as IRP5s, and personal and financial tax return information.

77% of South African organisations don't have email security policies/tools (DMARC) currently in place to help protect against email spoofing.5
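The lookalike-domain check described under “The domain game” above, written out as an added example; it is not part of the original document or of any Mimecast product. It decodes Punycode (xn--) sending domains, collapses look-alike characters and letter pairs such as “rn” for “m”, and treats a one-character difference as a typo-squat. The domain testcompany.com, the Cyrillic-o sample and the distance threshold are assumptions for the example.

```python
import unicodedata

LEGIT_DOMAIN = "testcompany.com"  # constructed domain, following the text's example

# Single characters that pass for a Latin letter: Cyrillic look-alikes and digits.
HOMOGLYPHS = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                            "у": "y", "х": "x", "і": "i", "0": "o", "1": "l"})
# Letter pairs that read as one letter in many fonts ("rn" for "m").
PAIRS = {"rn": "m", "vv": "w", "cl": "d"}

def decode_punycode(domain: str) -> str:
    """Turn an xn-- (Punycode) domain back into the Unicode the reader would see."""
    domain = domain.strip().lower().rstrip(".")
    if not domain.isascii():
        return domain
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # not valid Punycode; compare it as written

def skeleton(domain: str) -> str:
    """Collapse a domain to the plain-ASCII shape a hurried reader perceives."""
    text = unicodedata.normalize("NFKC", decode_punycode(domain)).translate(HOMOGLYPHS)
    for pair, single in PAIRS.items():
        text = text.replace(pair, single)
    return text

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; distance 1 catches single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain: str, legit: str = LEGIT_DOMAIN) -> str:
    """Return 'match', 'lookalike' or 'unrelated' for the sending domain."""
    seen = decode_punycode(sender_domain)
    if seen == legit:
        return "match"
    if skeleton(seen) == skeleton(legit):
        return "lookalike"  # homoglyph, Punycode or letter-pair substitution
    if edit_distance(skeleton(seen), skeleton(legit)) <= 1:
        return "lookalike"  # one-character typo-squat
    return "unrelated"

# Constructed sender domains; the fourth is a Cyrillic-o variant as it arrives on the wire (Punycode).
SAMPLES = ["testcompany.com", "testconpany.com", "testcornpany.com",
           "testcоmpany.com".encode("idna").decode("ascii"), "example.org"]
for sample in SAMPLES:
    print(f"{sample:28} {classify(sample)}")
```

Run the block as is to see the five sample domains classified; in a gateway rule the “lookalike” result is what should drive a hold or a banner, since a busy recipient will not see the difference.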
HOW BIG IS THE PROBLEM?
Messages appear highly credible. They are well researched using social engineering techniques that exploit the natural human tendency to trust and be helpful. Messages use the right names, correct titles and have very similar-looking domain names. They are custom-written to avoid spam filters.

They appear to originate from the CEO, CFO or another senior executive and often request immediate action. They’re almost always under the amount or threshold required for a second signature. In some cases, impersonation messages are sent by thieves when a key executive is on vacation - making an external or unknown domain name seem legitimate.

The targeted company lacks essential authentication and controls, such as a second signature or sign-off on key transfers or transactions. Or, the recipient ignores key procedures for fear of raising the ire of the CEO or CFO. In many instances, employees are duped into thinking that checking on a transaction might slow things down and derail a key deal.

Organisations may lack essential security safeguards, including endpoint security, data encryption and email gateway technology to identify suspicious email.

51% of SA organisations say it is likely they will suffer a negative business impact from an email-borne attack in 2019. 7% say it is inevitable.6

51% of SA organisations do not currently have a cyber resilience strategy in place.7

34% of organisations believe their CEO undervalues the role of email security to protect their organisation.8
ATTACKS IN MOTION
A few examples of large international companies that have fallen victim to whaling attacks:

FACC: The Austrian aircraft industry supplier lost 50 million euros ($57.6 million), reportedly due to a whaling attack. Its stock fell 17% after the breach became public.9

Seagate: A successful whaling attack landed thieves up to 10,000 W-2 tax documents for all current and past employees.10

Snapchat: An employee fell for an email impersonating a request from CEO Evan Spiegel and compromised payroll data for 700 employees.11

Ubiquiti Networks: The high-performance networking tech company suffered a $39.1 million loss as a result of a whaling attack. The San Jose-based firm has recovered only a portion of the sum.12

Weight Watchers International: A whaling email allowed thieves to obtain tax data for nearly 450 current and former employees.13
Success Story
Specialty recruitment firm Athona Ltd., based in the U.K., used Mimecast’s Impersonation Protect cloud-based anti-whaling service to identify and block whaling emails - without generating false positives. This helped protect the firm’s reputation and reduced the risk of disruption and data theft.
SIX WAYS TO HARPOON THE THIEVES

1. Educate and inform employees
Coach key employees to recognize an impersonation email and what steps to take to avoid falling victim to thieves. Train them to pick up the phone and verify a large transaction.

2. Use simulations
An effective method for detecting weaknesses and raising awareness is the use of real-world testing. This takes the form of a phishing message that is intentionally sent to key individuals in the organisation.

3. Make faking messages difficult
Customised stationery and unique identifiers in messages, as well as periodic changes in design, make it more difficult for cyber thieves to create convincing-looking emails.

4. Tap technology
An effective method for thwarting thieves is Targeted Threat Protection - Impersonation Protect, which is advanced email gateway technology that identifies and, if desired, quarantines suspicious messages through the use of names, domains and keywords.

5. Stay alert
Monitoring, Threat Intelligence and alert services that notify organisations when a new or different threat exists are also valuable. In today’s fast-moving cybersecurity environment, hours and even minutes matter.

6. Rethink procedures
It may be necessary to change authentication and approval methods by adding a second signature or lowering the monetary amount required to trigger secondary approval. Multilevel authentication and approvals can greatly reduce risk.

Social engineering attacks, including whaling, are increasing rapidly. Through a combination of awareness, simulations, technology, and better internal systems and processes, it’s possible to dramatically reduce risks and build a cybersecurity foundation that better protects your organisation from financial and data loss.

Over 90% of cyberattacks begin with email, and social engineering-led email attacks are growing rapidly.15

21% of SA organisations have suffered direct financial loss because of an email-based impersonation attack in the past 12 months.14
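An added example of the three signals that point 4 (“Tap technology”) names for a gateway rule: the executive’s name, the sending domain and pressure keywords; it is not Mimecast’s code and not part of the original document. The organisation domain, the executive names and both messages are constructed for the example; the rule holds a message only when an executive’s display name is paired with an outside sending domain, and reports pressure wording on its own for review.

```python
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "testcompany.com"                         # constructed, as in the text
EXECUTIVES = {"jane doe": "CEO", "sam jones": "CFO"}   # constructed names and roles
# Wording that creates urgency or asks the reader to skip the usual checks.
PRESSURE = ("urgent", "immediately", "confidential", "do not discuss", "wire", "before close")

# Constructed message in the shape the text describes: the CEO's name, an external
# lookalike domain, a wire request and a nudge not to check with anyone.
SUSPECT = b"""From: Jane Doe <jane.doe@testconpany.com>
To: controller@testcompany.com
Subject: Urgent wire transfer - confidential

Please send the wire immediately; do not discuss this with anyone, I am in a meeting.
Jane
"""
# Constructed routine message from the real domain with no pressure wording.
BENIGN = b"""From: Jane Doe <jane.doe@testcompany.com>
To: controller@testcompany.com
Subject: Board pack for Thursday

Attached are the slides for the board meeting. Thanks, Jane
"""

def screen(raw: bytes) -> dict:
    """Score one message on display name, sending domain and keywords."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = f"{msg['Subject']} {body}".lower()
    findings = []
    role = EXECUTIVES.get(name.lower())
    name_spoof = bool(role) and domain != ORG_DOMAIN
    if name_spoof:
        findings.append(f"display name of the {role} with external sending domain {domain}")
    hits = [k for k in PRESSURE if k in text]
    if hits:
        findings.append("pressure wording: " + ", ".join(hits))
    # Quarantine on the name/domain mismatch; pressure wording alone is flagged for review.
    return {"domain": domain, "findings": findings, "quarantine": name_spoof}

for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
    print(label, screen(raw))
```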
MIMECAST IMPERSONATION PROTECT
Mimecast Impersonation Protect is an essential layer of email security.
Visit vox.co.za to learn more about the Targeted Threat Protection service to protect your organisation against catastrophic data and financial losses.

Whaling — derived from an analogy with a big “phish” — is particularly threatening because it’s both highly deceptive and damaging. A cyber-criminal, disguised as the CEO, CFO or other senior executive, typically sends an email message to a recipient and convinces this person to initiate a wire or data transfer. These attacks are also referred to as impersonation attacks or business email compromise attacks.

About Mimecast
Mimecast is a cybersecurity provider that helps thousands of organisations worldwide make email safer, restore trust and bolster cyber resilience. Known for safeguarding customers against dangerous email, Mimecast’s expanded cloud suite enables organisations to implement a comprehensive cyber resilience strategy. From email and web security, archive and data protection, to awareness training, uptime assurance and more, Mimecast helps organisations stand strong in the face of cyberattacks, human error and technical failure.

Our customer engagement teams and Security Operations Centre help organisations of all sizes with proactive support and actionable intelligence. Our easy to use and deploy cybersecurity platform with open APIs makes customers’ existing investments more valuable and teams smarter.

The collective intelligence gathered across our global customer base and strong partner network provides a community defense that helps make the world a more resilient place.
www.mimecast.com
Sources
1. Mimecast and Vanson Bourne, “The State of Email Security 2018,” 24 July 2018
2. Mimecast and Vanson Bourne, “The State of Email Security 2019,” 29 May 2019
3. Mimecast Blog, “Whaling warning for 2016,” Dec. 23, 2015
4. Mimecast and Vanson Bourne, “The State of Email Security 2019,” 29 May 2019
5. Mimecast and Vanson Bourne, “The State of Email Security 2019,” 29 May 2019
6. Mimecast and Vanson Bourne, “The State of Email Security 2019,” 29 May 2019
7. Mimecast and Vanson Bourne, “The State of Email Security 2019,” 29 May 2019
8. Mimecast and Vanson Bourne, “The State of Email Security 2019,” 29 May 2019
9. ComputerWeekly.com, “$54m cyber fraud hits aircraft supplier share price,” Jan. 22, 2016
10. KrebsOnSecurity, “Seagate Phish Exposes All Employee W-2’s,” March 16, 2016
11. CNN.com, “Snapchat employee fell for phishing scam,” Feb. 29, 2016
12. CSO, “Ubiquiti Networks victim of $39 million social engineering attack,” Aug. 6, 2015
13. MSN.com, “Tax Forms: Cybertheft Schemes on the Upswing,” April 4, 2016
14. Mimecast and Vanson Bourne, “The State of Email Security 2018,” 24 July 2018
15. CSO Online, “Top cybersecurity facts, figures and statistics for 2018,” Oct 10, 2018
About Vox
Innovation and insight combine in Vox, a market leading end-to-end integrated ICT and telecommunications company. We have an enviable track record of meeting the needs of thousands of consumers, SMEs, large corporates, and public sector organisations. Thanks to our dedicated staff of more than 1 500 people – and our several hundred business partners countrywide – we set the benchmark for service delivery by connecting people through best-of-breed technology. From data to voice, as well as cloud, business collaboration and conferencing tools, Vox offers intelligent solutions that connect South Africans to the world, supporting entrepreneurs, customers and commerce, whilst practicing values of integrity, choice and service excellence in all of its dealings. For more information on complementary or alternative products, visit us at vox.co.za
New Business Sales JHB: +27 (0) 87 805 5050
Consumer Support: +27 (0) 87 805 0530
Business Support: +27 (0) 87 805 0500
Email: info@voxtelecom.co.za