The recent phishing attack on Breitbart shows how even the simplest attempts can be successful. In this case, a Steve Bannon impersonator tricked his way into ‘editorial' conversations, despite misspelling his name and including Alan Partridge references in emails.
Some people – about one in 14 according to a Verizon report – regardless of awareness training, still click on phishing emails, so consequently spear phishing, email impersonation and spoofing continue to be major catalysts for the rise of CEO fraud and business email compromise (BEC) attacks.
Looking back at 2017 so far, the scale of phishing attacks and the devastating trail they leave behind are still staggering. Kaspersky Labs products blocked 51 million attempts to open a phishing page, while mobile ransomware attacks, frequently delivered via SMS (aka smishing) are up 250 percent since January. Ironscales' own research estimates that 95 percent of all successful cyber-attacks start with phishing.
To understand the scale of the problem – and predict with depressing confidence that it's only going to get worse – here's a look at the top ten most notable and damaging phishing attacks in the first half of 2017.
1. Qatar under siege – Businesses and residents of this Gulf nation, with a population of just 2.3 million, were hit with more than 93,570 phishing events in a three-month span. Such attacks leveraged both email and SMS texts as attack vectors.
2. Smishing in the Czech Republic – According to SC Magazine, a phishing campaign faked “texts from the Czech Republic's postal service, hoping to trick Czech device owners into downloading a malicious app containing a trojan horse designed to steal credit card information and commit other malicious activities.” The full extent of damages is not yet known.
3. Business email compromise (BEC) attack hits 50 countries – This Nigeria-based attack targeted more than 500 businesses, primarily industrial companies, prompting employees to download a file entitled “Energy & Industrial Solutions W.L.L_pdf.” Once downloaded, the unknown adversary injected malware used to gain unauthorised access to company networks and information.
4. Chipotle's phishy February – Eastern European cyber-criminals sent “malware laden” emails to Chipotle staff that compromised the Point-of-Sale (POS) systems of most Chipotle restaurants, obtaining millions of customers' credit card data.
5. Amazon ransomware attack – In January, hackers created legitimate looking deals to trick customers into handing over sensitive payment information. When buyers went to purchase discounted items, the transaction would appear as no longer available, prompting shoppers to input information that was later used against them.
6. Ukrainian accounting firm exposes world to Petya – By the time December rolls around, this phishing attack may rank as one of the year's most damaging. In June, a Ukrainian FinTech company, MeDoc, was breached, and its systems were injected with malware. Through a Microsoft vulnerability, the malware spread across the globe – impacting hundreds of organisations in Russia, Europe, India and the United States.
7. Google & Facebook taken for US$ 100 million each – A phishing email successfully induced employees into wiring money – to the extent of US$ 200 million – to overseas bank accounts under the control of a hacker. He has since been arrested by the US Department of Justice.
8. IRS W2 tax season spear-phishing scam – In the United States, a spear-phishing attack proliferated at the beginning of tax season, which requested personal information from employees for tax and compliance purposes. As of mid-March, the attack had compromised more than 120,000 people at 100 organisations.
9. Google Docs hacked – Work came to halt for three million people worldwide in May when phishers were caught sending fraudulent email invitations to edit Google Docs. When opening the invitation, people were brought to a malicious third-party app, which allowed the adversaries to access people's Gmail accounts.
10. WannaCry shuts down business in 180 countries – What might go down as one of the worst cyber-attacks in history, the WannaCry ransomware attack is suspected of having impacted more than 230,000 people in 150 countries. There's still debate on the role of email phishing as the primary attack vector, but researchers believe it's likely one that was used.
These events, among many others, reiterate that targeted phishing attacks are bypassing secure email gateways/spam filters and going undetected for weeks and sometimes even months. Overburdened SOC teams need to consider how to incorporate human intelligence and machine learning into their phishing defence.
Contributed by Eyal Benishti, founder and CEO of IronScales
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.