This time, disaster was averted, but it isn’t always. The fact that the bogus email came in minutes after the original one was no coincidence. This second bogus email can't be called phishing or spear phishing; we'll call it bot phishing.
Most of us by now have heard of phishing. Phishing is where a cybercriminal sends an email to a massive number of email addresses. The email will look legitimate, perhaps appearing to come from a well-known company like PayPal, Facebook or a bank. It will usually say something along the lines of ‘your account has been compromised’ or ‘we need to review your account details’, and there will be a link to click on where you can ‘check your account’. This link will take you to a spoof website which will download malware onto your computer, often installing into your browser, resulting in data loss and/or the stealing of banking credentials and other similarly nasty activities.
Phishing emails are a big problem. Kaspersky, the anti-virus specialists, have an ‘Anti-phishing System’ which detects when computers of Kaspersky clients have been subject to phishing attacks. In Q1 of 2015, this system was triggered 50,077,057 times! That’s a lot of fish.
But folks are getting wary of phishing, so the hackers are turning their criminal minds to an even more sophisticated method called spear phishing. Spear phishing is like standard phishing, except it is highly targeted. This time the email with the link to the spoof website is sent, on purpose, to a particular employee within a company. A recent attack on JP Morgan bank shows how spear phishing works. In this attack, specific bank employees were targeted and ended up having their passwords to critical network servers stolen, with the result that those servers were hacked. The hackers then used this access point to steal the email addresses of millions of JP Morgan customers, whom the hackers can now spear phish in turn.
Going back to our original story of our customer who was bot phished: it may have been a coincidence that the email came in immediately after an actual legitimate email. It might be that the cybercriminal involved simply checked publicly visible information, such as website expiration dates, which show when a website’s registration is about to expire. The cybercriminal then chose a prominent email address or addresses within that company and sent out the phishing email to hook at least one of them. But, given the timing of the emails, it seems unlikely this could have been a coincidence.
Much information about us is available and easy to access online. Cybercriminals know this and aggregate this information for use in their crimes. It is almost impossible to prevent this from happening, so we need to have protections in place for when it does. Education and protection are the watchwords in the fight against phishing and spear phishing, and now perhaps bot phishing. One of the most recognized and important things we can do as potential victims of cybercrime is to make sure software, such as browsers, is fully and promptly patched, as hackers make use of vulnerabilities in software to install malware. We also need to make use of monitoring and alerting across the network to make sure we are fully aware of issues before they take hold and expose our data. Educating ourselves and our employees on how to recognize these emails, and not to make the mistake of simply clicking on the link, should also be part of our overall cybercrime strategy. WatchPoint Data can provide the security platform needed to help tackle phishing, whatever form it takes.
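One way to turn the timing signal from the story above into an alert, as an added illustration that is not WatchPoint’s product or code: flag any inbound message whose subject repeats a message received minutes earlier from a different sender domain. The mail log entries below are constructed sample data, and the addresses and subjects are invented.

```python
from datetime import datetime, timedelta
from email.utils import parseaddr

# Constructed sample of inbound mail metadata: (timestamp, sender, subject).
# The second entry mimics a "bot phishing" follow-up: same subject, minutes
# later, from a lookalike domain. All values here are invented.
SAMPLE_LOG = [
    ("2015-06-10 09:02:11", "renewals@example-registrar.com",
     "Your domain example.com expires in 14 days"),
    ("2015-06-10 09:06:48", "renewals@example-registrar-support.com",
     "Your domain example.com expires in 14 days"),
    ("2015-06-10 11:30:00", "hr@example.com", "Q2 timesheet reminder"),
]


def sender_domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    _, email_addr = parseaddr(addr)
    return email_addr.rsplit("@", 1)[-1].lower()


def find_follow_up_lookalikes(log, window_minutes=15):
    """Flag messages that repeat a recent subject from a different sender domain.

    Each log entry is (timestamp string, sender, subject). Returns a list of
    (original_index, suspect_index) pairs, where the suspect arrived within
    window_minutes after the original.
    """
    parsed = [
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
         sender_domain(sender), subject.strip().lower())
        for ts, sender, subject in log
    ]
    window = timedelta(minutes=window_minutes)
    flagged = []
    for j, (t_j, dom_j, subj_j) in enumerate(parsed):
        for i in range(j):
            t_i, dom_i, subj_i = parsed[i]
            # Same subject, different domain, arrived shortly after the original.
            if subj_i == subj_j and dom_i != dom_j and timedelta(0) <= t_j - t_i <= window:
                flagged.append((i, j))
    return flagged


if __name__ == "__main__":
    for i, j in find_follow_up_lookalikes(SAMPLE_LOG):
        print(f"suspect: message {j} from {SAMPLE_LOG[j][1]} "
              f"repeats message {i} from {SAMPLE_LOG[i][1]}")
```

A rule this simple will also fire on legitimate reminders sent from a second domain, so it is a trigger for review rather than an automatic block.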
Breaking news: Kaspersky hacked through use of spear phishing.
If Kaspersky, world renowned security specialists can get spear phished then anyone can. This news broke just as this article was being finalized, more details to come.
Updated: Kaspersky Duqu 2.0 Hack