sb-nz logo
Story image

Threat Spotlight: New widespread, 'unstoppable' phishing attack

01 Feb 2018

Article by Barracuda VP of email security Asaf Cidon

When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages. Unfortunately, cybercriminals are taking advantage of these trusted brands to convince you to login in to fake website portals and give up your login credentials.

In this Threat Spotlight, we will examine how attackers are cunningly impersonating popular web services such as Microsoft Outlook, DocuSign and Google Docs to entice victims into giving away their credentials to these services. Criminals then use these credentials to either commit fraud or to launch targeted spear phishing campaigns within an organisation to steal the crown jewels.

Highlighted Threat:

Phishing attack by impersonation of popular web services

Web Service Spoof Directing to Fake Login Page – In these examples, Microsoft Outlook, DocuSign and Google Docs are being impersonated or spoofed by email that contains a link that directs recipients to a fake login page on a legitimate website.

There is no malicious attachment and cybercriminals are hoping victims will not recognise the web service web portal login page, and freely enter their credentials, giving attackers full access to their email accounts.

In addition, the links used in these emails are typically “zero-day”, meaning they have not been used before in other emails, and therefore don’t appear in any bad link blacklists. Some of these links are legitimate small business websites that have been compromised, and will appear to have a high reputation to traditional email security systems, which helps them evade detection.

The Details:

Over the past month, we have been seeing a high volume of activity around this attack, which is to be expected, since traditional email security solutions will not catch these emails and many will ultimately reach end users without being detected. Millions of these impersonation emails are being sent out in multiple campaigns and users need to be educated on what to look for when receiving emails.

Cybercriminals’ simple yet very cunning tactics

This rise in web service impersonation attacks involves a few simple but effective tactics on behalf of cybercriminals:

  • Including a link to a web page that prompts employees to log in. Here are several examples of these phishing emails:

  • From there, when the unsuspecting victim clicks on the link and is directed to a fake sign in page, they will provide attackers with their username and password without knowing they had done anything out of the ordinary.
  • After stealing the victim’s credentials, the attacker will typically use them to remotely log into the user’s Office 365 or other email accounts and use this as a launching point for other spear phishing attacks.
  • At this point, it becomes even more difficult to detect attackers at work because they will send additional emails to other employees or external partners, trying to entice those recipients to click on a link or transfer money to a fraudulent account.

Traditional email security solutions will not detect this attack!

This evolving attack will not be detected by existing email security solutions on the market for a host of reasons:

  • The links included in the email attacks are typically zero-day in which a unique link is used in each email sent to potential victims. Therefore, they will never appear on any security blacklists.
  • In most instances, the links included lead to legitimate websites, where the attacker has maliciously inserted a sign in page, and the domain and IP registration will appear legitimate.
  • Unfortunately, link protection technologies such as “safe links” will not protect user against these links. Since the link contains a sign in page and do not download any malicious viruses, the user will follow the “safe link” and will still enter the user name and password.

Even if an organisation has traditional email security technologies enabled, there will be nothing preventing the user from providing their credentials to the cunning cybercriminal. The best hope to stop these attacks is artificial intelligence for real time spear phishing protection like Barracuda Sentinel in addition to regular training to raise awareness of evolving and new threats.

Barracuda Sentinel’s artificial intelligence real time solution can be taught to automatically detect and quarantine these emails. In this case, Barracuda Sentinel can recognise how a normal email from a popular web service looks based on the signals in the email metadata and body

Security awareness training is required for all

Organisations must plan for email threats such as these and many others, train all their employees, test them on the latest email threats, and work to ensure everyone is a security advocate.

Link image
Webinar: Best practices for keeping your video chats secure
Video collaboration providers nowadays operate exclusively on a multi-tenant, public cloud - and security and privacy concerns have come into the spotlight. Here's how to secure your communications.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Got crypto? Pay tax – A quick look at IR's new crypto-asset guidance
Inland Revenue's new guidance aims to provide more certainty for New Zealand taxpayers who hold crypto-assets, and to help people ‘get things right from the start’.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Download image
74% of APAC IT leaders say security culture is essential to business success
You can join these leaders in designing security awareness and training with your employees in mind.More