{"id":4642,"date":"2016-04-18T10:24:43","date_gmt":"2016-04-18T15:24:43","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=4642"},"modified":"2016-04-18T16:46:49","modified_gmt":"2016-04-18T21:46:49","slug":"unmasking-the-imposters-part-1-an-evolving-threat","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/unmasking-the-imposters-part-1-an-evolving-threat\/","title":{"rendered":"Unmasking the Imposters, Part 1: An Evolving Threat"},"content":{"rendered":"<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">We\u2019ve come a long way since the first large-scale outbreaks of advance-fee fraud and email account hacking, back in 1986. In the years to date, cyber-criminals and fraudsters have stepped up their game considerably \u2013 to the point where (in some unfortunate organisations) it\u2019s nearly impossible to distinguish between genuine staff and authorised users of a network and those who are simply posing as such.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4646 alignleft\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_hand.png\" alt=\"imposters1_hand\" width=\"370\" height=\"370\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_hand.png 370w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_hand-150x150.png 150w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_hand-300x300.png 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\">In this two-part series, we\u2019ll be exploring the problems caused by imposters who gain access to corporate networks and identities, and the measures that may be taken to mitigate the threat that they pose. 
We\u2019ll begin by exploring the nature of the imposter threat itself.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">Scaling Up the Attacks<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">In a report titled \u201c<a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/Beyond-Vanilla-Phishing-Impostor-Email-Threats-Come-Of-Age\" target=\"_blank\" rel=\"nofollow\">The Human Factor 2016<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>\u201d, analysts at Proofpoint have laid out the extent to which fraudsters using increasingly sophisticated techniques have escalated their assault on corporate networks. Proofpoint\u2019s findings suggest that some 74% of the bogus web addresses used in email lures point to sites constructed for collecting user credentials and other valuable information. This contrasts with previous trends, which attempted to bait the unwary recipient to sites hosting malware.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Malicious software still figures in the fraudsters\u2019 plans (as we shall see), but its applications have been given a clever twist.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>Phishing for Credentials<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Phishing is an online deception which involves inducing an unsuspecting user to reveal personal information such as credit card data or login passwords on a bogus web page or email form that\u2019s been designed to resemble a legitimate company or organisation \u2013 like their bank.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">In the past, it\u2019s a technique that\u2019s been employed by fraudsters as a high-volume strategy, characterised by mass 
mailings. The psychology of this approach is simple: if you put out enough bait, someone\u2019s going to bite. Simple \u2013 but the hit rate for all that spam may not be as rich in data and opportunities for access as the fraudsters might wish.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">So, in recent years, targeted phishing campaigns have gained in popularity. At a larger scale, popular and reliable websites and online resources such as Dropbox and Google\u2019s platform of tools and social media are being used as the lure in email phishing campaigns. The idea here is that, as people have been using these services for legitimate business and trust them, they are more likely to respond to a message concerning their accounts on these sites.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">For more cleverly crafted campaigns with potentially higher pay-offs, imposters are biding their time and doing their research. 
By hacking into contact lists and studying user profiles on social media, they are able to identify likely correspondents (who may be organisations or specific individuals) from whom an urgent email requesting action or information will probably receive a positive response.<\/span><\/p>\n<p><a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_phishing.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4644 alignright\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_phishing.png\" alt=\"imposters1_phishing\" width=\"370\" height=\"370\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_phishing.png 370w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_phishing-150x150.png 150w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_phishing-300x300.png 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\"><\/a><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">There are even categories for this type of imposter activity. For instance, Proofpoint cites the case of advanced persistent threats (or APTs) which have recently targeted Indian diplomats stationed in the Middle East. 
And organisations have been on the alert since 2015, when the FBI warned of an increase in CEO fraud, or business email compromise (BEC).<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>The Second Stage<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">The previous generation of fraudsters used malicious software (or malware) such as web-crawlers, information extractors and keyloggers to do the work now being unwittingly performed by those who respond favourably to information requests from bogus websites and online forms.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Imposters are now incorporating malware in a second-stage process of their phishing campaigns. In its \u201c2015 Data Breach Investigations Report\u201d, Verizon highlighted the use of email attachments and other methods of installing malware such as remote access tools (RATs) onto a user\u2019s machine, once they\u2019ve been hooked into the scam by a successfully targeted email message.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Continued correspondence with the bogus individual or organisation may lead to further installations of malicious software, or simply give the malware already present in a recipient\u2019s system time to siphon off confidential information, exert control over corporate networks, or worse.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>Social Media as Infrastructure<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Data security experts often advise against revealing too much about yourself or your organisation on social media \u2013 and with good reason. Scouring user profiles is one of the first items on the \u201cTo Do\u201d list of an industrious fraudster. 
And for the imposter, social media represents a valuable resource in their armoury.<img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4645 alignright\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_devil.png\" alt=\"imposters1_devil\" width=\"370\" height=\"370\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_devil.png 370w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_devil-150x150.png 150w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2016\/04\/imposters1_devil-300x300.png 300w\" sizes=\"auto, (max-width: 370px) 100vw, 370px\"><\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">If your privacy settings aren\u2019t properly configured on the likes of Facebook or LinkedIn (a favoured target for imposter research, as its subscribers are business professionals), you could be giving an imposter the kind of personal and\/or corporate information they need to pose convincingly as you, in correspondence with clients, partners, or junior members of your organisation.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\"><b>The External Insider<\/b><\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Again, cyber-security assessments often focus on the threat posed to an enterprise by those within its ranks \u2013 be they disgruntled employees, or simply workers exercising lax user authentication or network access protocols.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">With <a href=\"http:\/\/www.veriato.com\/blog\/veriato-blog\/2015\/10\/02\/the-barbarians-are-through-the-gate\" target=\"_blank\" rel=\"nofollow\">an imposter in your midst<img class=\"extlink-icon\" 
src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>, you have the situation of a malicious outsider who\u2019s actually posing as someone within. In our next instalment, we\u2019ll be discussing how to identify any bogus users or employees in your network, and the measures you can take to protect your organisation from becoming a victim of their schemes.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">For now, we\u2019ll leave you with some best practice tips for avoiding the phisher men and women out there.<\/span><\/p>\n<p>\u00a0<\/p>\n<ul>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">If an offer or business opportunity sounds too good to be true, it probably is.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Never click on a link or download an attachment from an unsolicited email. Ever.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">If you receive an account enquiry or other request from one of your online services, go to the website directly (preferably in another browser window) and check it out, rather than clicking through from the email.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">If an email request for information or funds from a senior member of your organisation sounds completely out of character, do the sensible thing: get a printout of the email text, and speak to the official directly \u2013 preferably in person.<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0 We\u2019ve come a long way, since the first large-scale outbreaks of advanced fee fraud and email account hacking, back in 1986. 
In the years to date, cyber-criminals and fraudsters have stepped up their game, considerably \u2013 to the point where (in some unfortunate organisations) it\u2019s nearly impossible to distinguish between genuine staff and authorised [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":4645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,13],"tags":[],"class_list":["post-4642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-pc-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=4642"}],"version-history":[{"count":4,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4642\/revisions"}],"predecessor-version":[{"id":4649,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4642\/revisions\/4649"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/4645"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=4642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=4642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=4642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}