FireEye has recently released the results of its Q1’19 Email Threat Report, which found increases in social engineering attacks in three main areas: spoofed phishing attempts, HTTPS encryption in URL-based attacks, and cloud-based attacks focused on publicly hosted, trusted file-sharing services.
The report further observes a 17% increase in phishing-based attacks. A typical phishing email impersonates a well-known contact or trusted company to induce the recipient to click on an embedded link, with the ultimate goal of credential or credit card harvesting. There has been a 26% increase in the use of malicious URLs using HTTPS, an increase of 17% over the prior quarter. According to the report, malicious actors are taking advantage of the common consumer perception that HTTPS is a “safer” option for engaging on the internet. The Q1’19 analysis, which examined a sample set of 1.3 billion emails from January through March 2019, also found increased exploitation of file-sharing services and new impersonation techniques.
“Threat actors are doing their homework. We’re seeing new variants of impersonation attacks that target new contacts and departments within organizations,” said Ken Bagnall, Vice President of Email Security at FireEye.
“The danger is these new targets may not be prepared or have the necessary knowledge to identify an attack. Unfortunately, once the fraudulent activity is discovered, the targeted organization thinks they’ve paid a legitimate invoice, when the transaction was actually made to an attacker’s account.”
The top spoofed brands across these activities included Microsoft, with almost 30% of all detections – followed by OneDrive, Apple, PayPal and Amazon, each within the 6-7% range. Cloud-based attacks, particularly those leveraging file-sharing services, increased in Q1’19.
Analysis of Q1’19 emails showed a dramatic increase in links to malicious files posted to popular and trusted file-sharing services, such as WeTransfer, Google Drive and OneDrive. Dropbox was the most commonly used.
FireEye observed threat actors increasingly using two new variants of impersonation attacks: Payroll and Supply Chain.
Payroll: This new variant targets an organization’s Payroll department with an email requesting changes to an executive’s personal data, such as bank details, with the objective of diverting an executive’s salary to a third-party account.
Supply Chain: This new variant targets the Accounts Payable department by impersonating an email from a trusted supplier (instead of the CEO or senior executive) to re-route a fraudulent payment to a third-party account.