How hackers are changing tactics to cash in on attacks

In the recent past, hackers viewed senior level executives as easy targets for stealing protected health information through phishing gambits. These leaders of organizations had access to any data they wanted in their organizations.

But over time, CEOs, CFOs, HR leaders and other senior executives got wise or received training and became more aware of the phishing problem. Then, some experts say, hackers started targeting high-level professionals who are one or two levels down from the C-level.

But now that those junior executives have been made aware of phishing attacks, hackers now are returning to an initial target—rank and file employees.

Employees and the executives above them have gotten smarter, but so have the attackers, says Asaf Cidon, vice president of content security services at Barracuda Networks, a vendor of enterprise data security products.

Phishing is the art of fooling individuals into clicking on malicious links in email messages or opening tainted documents. These links have an address almost identical to a familiar address, but when opened, can spread ransomware or other viruses into an organization.

Also See: Phishing attack nabs hospital employees’ W-2 info

Attackers aren’t coming in now and asking for ransom; they are studying organizations and their processes and looking for data that can be accessed and then incorporated into an official-looking email that appears to be coming from a colleague or boss.

For example, a controller or accounts payable professional may get an email that appears to be coming from the CEO asking that certain funds be wired to a specific bank account, or that funds be wired to a particular billing company for this month only. In either case, the hacker is getting the funds.

“Attackers will go to great lengths to make the email seem legitimate,” Cidon says.

Now, there’s a new tactic for the hackers. They started with Fortune 500 companies or other companies with vast amounts of financial information and now are targeting smaller organizations, such as physician practices and even individuals, who are about to conduct a large transaction, Cidon warns.

A physician practice, for instance, may be selling the practice to another organization. But a hacker has been in the practice’s information systems and knows when the buy will take place and who the buyer is, and right before the real transaction is to take place, sends an email to the buyer with contrived instructions about in which account funds should be deposited.

Barracuda Networks has seen several of these rogue transactions, including one in which the sale proceeds for a house were misdirected. Those attackers knew exactly when the sale was being closed, and they were able to intercept the money, Cidon says.

“It takes more effort for these attacks as hackers do research, personalize the attack and take their time,” he adds. “It is much more targeted than ransomware and has a much bigger pay-off.”

To avoid such nightmares, Cidon suggests a simple remedy—double check with those you are working with and verify their identities before conducting a wire transfer. “This is a new type of threat that requires new responses,” he says. “A spam filter won’t catch these threats.”

For reprint and licensing requests for this article, click here.