How to protect against the latest payload-less social engineering attacks

Social engineering is one of the most common approaches used by cyber criminals to steal data or install malware.

But there is a new generation of attacks that carry no payload at all. How can companies protect themselves against these threats? We spoke with Evan Reiser, CEO and co-founder of email security specialist Abnormal Security, to find out.

BN: What are the new types of modern social engineering attacks you are seeing in the wild, and why do most security teams miss them?

ER: For many years, email has been the main medium for cyber attacks. In response, companies have invested heavily in email security solutions. However, despite growing awareness, losses due to Business Email Compromise (BEC) continue to increase. According to the FBI’s Internet Crime Complaint Center (IC3), BEC fraud has caused $26 billion in losses.

Today’s threat actors are creating increasingly sophisticated, social-engineering-based BEC attacks that lack the common threat signals that can trigger detection. These attacks carry no malware attachments. Nor do they contain URLs that lead to malicious websites. The content of the email is generally simple, and the attacks are tailored to each individual target. The nature of these payload-less BEC attacks defies detection by traditional email security solutions.

The Abnormal Security research team has found an increase in these types of payload-less attacks. In its research, the team found that 69% of payload-less attacks impersonate someone known to the recipient, while the risk of a dangerous action in a payload-less attack is 17 times greater than in other types of attack. And in recent weeks, the team has seen a rapid increase in the number of attacks related to COVID-19.

BN: Why are payload-less attacks considered a greater threat than traditional phishing attacks?

ER: BEC attacks in general represent only a small part of the total email attack vector. We have determined that of all the attacks to which our customers are exposed, only five percent are payload-less. Although this is only a small percentage compared to spam and payload-based malware, BEC attacks are almost always manual and contain strong elements of social engineering. As such, they represent a disproportionate amount of financial risk.

BN: What are the typical characteristics of payload-less attacks?

ER: The most advanced BEC attacks fall into several categories. For example, executive impersonation is one of the simplest attacks for threat actors to carry out. These types of email can come from reputable and well-known email services such as Gmail. Due to their widespread use and the general need for companies to communicate with people using these services, emails from senders in these domains cannot simply be blocked.

Conversation hijacking methods are used for attacks targeting both vendors and employees, and these are extremely difficult to identify. In the case of a vendor compromise, emails come from trusted people, and attackers can reply within an existing email thread to make it look even more authentic. In the case of an employee compromise, not only does the mail come from trusted employees, but internal (i.e. intra-domain) mail flow is usually not scanned by traditional email security solutions at all.

Credential phishing attempts impersonate a well-known brand such as Microsoft, Amazon, FedEx, Google, and so on. Some email security solutions can detect such attacks (through high-entropy URLs, URLs previously seen in threat intelligence sources, and so on) and use those signals to identify and respond to the threat. Credential phishing sites, however, are generally free of malware, making typical sandboxing methods ineffective.

It is not surprising that the research team has found in recent weeks that most email attacks contain an element related to COVID-19. In February 2020, the team examined the most common characteristics of payload-less attacks and the statistics on how frequently attackers use them. This is what it found:

  • 65% engagement (a threat actor asks something simple, such as ‘Are you there?’)
  • 18% bitcoin extortion
  • 10% gift card fraud
  • 7% payroll diversion fraud

In April 2020, the number of attacks related to COVID-19 increased by 90%. The majority of these turned out to be COVID-19 spam, which increased by 150%. Attacks included COVID-19 vaccine scams, WHO donation scams, COVID-19 drug scams, stimulus payment attacks, and Zoom-themed malware attacks preying on fears of job loss.

BN: What steps can security teams take to ensure that they can detect payload-less attacks?

ER: To protect themselves from modern social engineering attacks, modern security teams must analyze a broader set of data to better understand the context of communication. For example:

  • Model the identities of internal and external organizations (partners, vendors, customers), and analyze other data sources as part of that modeling.
  • Build relationship graphs to understand not only the strength and frequency of each connection, but also the content and tone of the communication.
  • Analyze email content using techniques such as computer vision, natural language processing, deep URL analysis, and threat intelligence.

These methods provide automated insight that a human analyst can then visualize. The increasing sophistication of attacks means that security teams have to make use of more sophisticated means of defence. It is best to start with methods that give a better understanding of the context of the communication.
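As an added example (not code from the interview or from Abnormal Security), here is a small Python check in the spirit of the relationship-graph and content-analysis steps above: it records which address each known display name has used before, flags an executive’s name arriving from a new free-webmail address, and weighs request language against the absence of any attachment or URL. The contacts, domains and phrases are constructed placeholders.

```python
"""Added example: a small relationship-graph check for payload-less BEC."""
from collections import Counter
from dataclasses import dataclass

# Constructed history of who has mailed us before: (display name, address) -> message count.
# A real system would build this from the mail archive; these contacts are made up.
HISTORY = Counter({
    ("Jane Doe", "jane.doe@example.com"): 120,   # the CEO, mailing from the corporate domain
    ("Bob Lee", "bob@vendor.example"): 15,       # a vendor contact
})
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Request language typical of the payload-less categories discussed above
# (engagement openers, gift cards, payroll diversion, bitcoin extortion).
REQUEST_TERMS = ("are you available", "are you there", "gift card", "wire transfer",
                 "payroll", "direct deposit", "bitcoin")


@dataclass
class Email:
    display_name: str
    address: str
    body: str
    has_attachment: bool = False
    has_url: bool = False


def risk_signals(email: Email) -> list[str]:
    """Return the context-based reasons an email looks like payload-less BEC."""
    signals = []
    address = email.address.lower()
    domain = address.rsplit("@", 1)[-1]
    # Relationship graph: which addresses has this display name used before?
    known = {addr for (name, addr) in HISTORY if name == email.display_name}
    if known and address not in known:
        signals.append("display name matches a known contact but the address is new")
    if HISTORY[(email.display_name, address)] == 0:
        signals.append("first contact from this sender")
    if domain in FREE_WEBMAIL:
        signals.append("sent from a free webmail domain")
    hits = [t for t in REQUEST_TERMS if t in email.body.lower()]
    if hits:
        signals.append("request language: " + ", ".join(hits))
    if hits and not email.has_attachment and not email.has_url:
        signals.append("request carries no attachment or URL (payload-less)")
    return signals


def verdict(email: Email) -> str:
    """'review' when two or more context signals combine, otherwise 'ok'."""
    return "review" if len(risk_signals(email)) >= 2 else "ok"
```

Note that a vendor-compromise message from a genuinely known address still reaches "review" on content alone, which is the point of combining relationship and content signals rather than relying on sender reputation.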

BN: In addition to the steps that security teams can take, how should organizations think about security awareness training in combination with effective email security?

ER: While the primary responsibility for defending against BEC attacks should lie with the security team, it is important to look at what type of security awareness training you offer. Traditionally, security training has focused on mechanics: employees were given a mental checklist to see whether they could recognize domains, senders or email addresses, or spot spelling errors or strange links in emails.

This type of scanning helps employees avoid falling victim to common phishing emails, but it doesn’t help them with sophisticated payload-less emails. Today, BEC emails reach new heights of personalisation and are often crafted with information presented in such a sophisticated way that they give the impression that only the intended sender could have sent them.

It’s time to move security training beyond traditional phishing tactics and encourage employees to use their common sense: pause and reflect on the content. If someone asks you to bypass a business process, think about what they are asking you to do and whether it is okay. The risks have become more complex, and security training courses must teach employees how these tactics work.

The entire organisation needs to be trained in security, from the C-suite to the finance team and the marketing department. While this is important, you don’t want all your employees spending 10 minutes a day scanning their email. A better trained member of staff simply complements the efforts of your security team and the technology at your disposal.

Photo credit: tashatuvango/depositphotos.com