Business emails a rising popular target for phishing attacks
PUBLISHED ONAugust 31, 2019 4:00 AMByRaymond Lau
Cyberthreat actors are becoming more creative in their attempts to use social engineering to infiltrate businesses through email, a new report has found.
According to the Financial Services Information Sharing and Analysis Centre (FS-ISAC), a non-profit industry consortium representing 7,000 member institutions in the global financial industry, there has been a "significant increases" business email compromise attempts.
These usually take the form of invoice scams and spear phishing spoof attacks. They target the group of users who are traditionally the weakest link in an organisation's cybersecurity defences: the end-user.
Unsuspecting or un-alert users in any organisation can fall prey to seemingly official-looking emails, such as fake Office 365 emails requesting for password changes. By following malicious instructions, they can unwittingly open the doors of their organisation to hackers.
[[nid:458872]]
"Threat actors have changed the way that they operate," said Brian Hansen, executive director, FS-ISAC Asia Pacific, "We are seeing more time spent on preparation and reconnaissance prior to initiating attacks to ensure attacks are successful and against the best targets, be it a person or information system on a network. These actors are also increasing collaboration on the dark web, selling and seeking services that can be used against financial institutions."
Financial institutions are also increasingly concerned about the residual impact of attacks on third-party service providers. For example, hackers used a compromised version of the ASUS Live Update tool to distribute malware earlier this year.
Around a million users worldwide may have been affected, including indirect penetration into devices used in financial institutions.
Hansen added, "With (threat actors) banding together, it is imperative for financial institutions in Asia to embrace information sharing. They must work with each other across national boundaries to protect themselves and, more importantly, the public they serve."
This article was first published in Hardware Zone.