Every day all over the world, companies fall victim to cybersecurity attacks. It’s nearly a constant these days. Many of these attacks are preventable with the right amount of attention to detail in system setup and hardening. The three common themes in postmortem examination of all of these attacks boil down to 1) human error; 2) configuration error; 3) failing to proactively defend. In this series of six posts, we will dive into each attack’s anatomy, the attack vector, and the ways companies can attempt to avoid being victim to them. In the last post, guest bloggers from G2 Insurance will walk through how insurance companies react to claims, what to watch out for in your policies, and appropriate coverage levels for cyber insurance based on their experience handling claims.
#1 Email Spoofing and Wire Fraud
This attack is essentially a wire instruction interception/redirection or wholly fake request for a transfer. This is an event that comes up daily or at least weekly in any cybersecurity professional’s world. This attack typically plays out with a threat actor masquerading as a legitimate authority within a company, typically someone in the C-suite or Director level. To make it successful, the recipient of the wire transfer request has to believe it’s legitimately originating from one of those authoritative people.
One way attackers do this is using actual stolen credentials. Despite the flood of data security breaches and database hacks, people unfortunately still use weak passwords and also re-use passwords. We have seen dozens of instances of successful credential attacks where the attacker used publicly available database leak information to gain unauthorized access to corporate accounts. The approach goes like this: an attacker harvests information regarding corporate leadership from various data sources about companies (LinkedIn, Dunn & Bradstreet, Bloomberg, Google Finance) and chooses a few people to target. They then cross-reference those names to leaked credential databases, often times hosted on Darkweb sites, IRC chat rooms, or other forums dedicated to hacking. If the attacker is able to find other accounts belonging to their targets that have been compromised and have a password, they can try that password, and tens of thousands of variations of it, to attack the corporate account of their victim.