Researchers at Avanan, a Check Point Software company, have identified and blocked a cyberattack that misled the CFO of a major sports organization for financial gain.
Οι δράστες προσπάθησαν να ξεγελάσουν ένα χαμηλόβαθμο στέλεχος του οικονομικού τμήματος, ώστε να στείλει χρήματα σε μια υποτιθέμενη ασφαλιστική εταιρεία. Η τεχνική της κυβερνοεπίθεσης που χρησιμοποιήθηκε είναι γνωστή ως επίθεση Business Email Compromise (BEC), όπου οι εγκληματίες του κυβερνοχώρου υποδύονται τους προϊσταμένους του οργανισμού για οικονομικό όφελος. Οι ερευνητές της Avanan προειδοποιούν ότι αυτές οι cyber attacks are rampant, playing on people's desire to make a good impression on their boss.
- Attackers have struck more than once
- Two examples of spoofed emails caught in the campaigns are provided
- Avanan researchers provide several tips cybersecurity to protect against BEC attacks
Οι ερευνητές της Avanan, μιας εταιρείας της Check Point, εντόπισαν μια επίθεση στον κυβερνοχώρο που υποδύεται τον οικονομικό διευθυντή ενός μεγάλου αθλητικού οργανισμού για να πείσει έναν χαμηλόβαθμο υπάλληλο να στείλει χρήματα απευθείας στους χάκερ. Ο πλαστογραφημένος οικονομικός διευθυντής ζήτησε να σταλεί ένα τηλεγράφημα σε μια εταιρεία που φαίνεται να είναι ασφαλιστική. Η Avanan Research κατάφερε να εμποδίσει την κυβερνοεπίθεση.
It is fair to assume that the drive behind the attack was financially motivated. Little information is known about the attackers, except that they have struck more than once.
Methodology of the attack
The type of cyberattack used is known as a Business Email Compromise (BEC) attack. The attack methodology in this case was as follows:
- The hacker first created a fake account of the company's CFO
- The hacker finds the legitimate email address of a financial team member
- The hacker creates an email message that looks like it was sent by the CFO, with instructions for the process attached.
- The finance manager asks the employee to remit money immediately
- If the employee "bites", the money will end up in the hacker's account
Email Example #1
The user receives an email from the CFO of this large company.
The finance director asks the email recipient to make a payment to a legitimate insurance company, West Bend Mutual. Even smarter is the fact that the URL in the “from” address comes from her tagline.
However, this is clearly a fake, as the "reply-to" address at the top of the email is different from the company's email address. You will notice the banner indicating that the email is not from the displayed sender. This was added by the tenant's generic Office 365, not Proofpoint. It's the only thing that alerted the end user that something was wrong.
Email Example #2
This is an almost identical email that affected another company. In fact, we've seen dozens of these types of attacks.
Notice two differences: There is no external banner warning the end user of potential danger - the “Contact” email at the bottom reads Silver Lining as Silver Lining.
His comment Jeremy Fuchs, spokesman for Avanan Research, a Check Point Software company:
«We discovered an attack impersonating the CFO of a major sports organization. The "fake" CFO—aka the hacker—asks a low-ranking CFO to send a remittance to an insurance company. Instead, the amount would go directly to the hacker. In this case, we were able to successfully block the attack.
These "Business Email Compromise" attacks are extremely popular, difficult to stop and difficult to detect. End users should always exercise caution before paying invoices. It is better to confirm directly with the financial manager before payment.
I strongly recommend that users implement advanced email security that relies on more than one factor to determine whether an email is malicious or not. Be sure to read the entire email before acting, looking for any inconsistencies or oddities."
Cyber Safety Tips
- Always check the reply-to addresses to make sure they match
- If you're ever unsure about an email, ask the original sender.
- Read the entire email - look for any inconsistencies, spelling mistakes or inconsistencies
- If you use banners, make sure you don't bombard end users with them - only use them at critical moments so that end users take them seriously
