In recent months, I've started noticing something strange - too many connection requests from people I do not know. Since I'm working in the cybersecurity industry, I'm very careful about whom I add on LinkedIn. Most of these requests were what I would deem safe, but an alarming number of them started originating from obviously fake profiles. And for a good reason - I am the CEO of a company, making me a high-value target. What do these fraudsters need my information for?
Most likely for phishing campaigns - they are among the most popular means of acquiring a target's security credentials and personal data. One report revealed a large number of hackers who were speculated to be operating out of Iran. Creating dozens of fake LinkedIn accounts and posing as corporate headhunters, they sought to snag working professionals in industries such as telecommunications and even in government agencies. Once the approach is made and the trap is laid successfully, the targets are enticed into giving up information such as business emails.
Acquiring important business emails is key, as this gives hackers the targets they seek. When a successful phishing campaign is completed, the employees' stolen sensitive data can be used to mount more effective phishing campaigns all over again. By gaining access to significant data such as titles, reporting structures and emails, the hackers gain the means to assume the identity of senior management.
Moreover, by communicating through hacked company email accounts, malicious hackers can pretend to be a member of the board, the CEO, a senior executive and, most often, the CFO. Usually, the communication is directed at an employee who is below the hacker's assumed position in the corporate hierarchy. There are plenty of instances in which an employee is forced to transfer money to the impersonator's account at the behest of the faux executive or senior.
Alternatively, a hacker could assume the identity of a supplier to the business, sending a vendor email that can easily be mistaken for routine communication. Vendor email addresses are either compromised or spoofed with subtle changes - an extra character here or a removed one there - which make the email appear legitimate. The scale of such an operation only comes to light when targeted employees seek to verify the transaction.
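The one-character changes described above can be caught mechanically at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags a sender whose domain is within one edit of an allow-listed vendor domain. The vendor domains, function names and threshold are assumptions constructed for illustration, and the check also covers substituted characters, not only added or removed ones.

```python
from email.utils import parseaddr

# Constructed allow-list of vendor domains (hypothetical names).
TRUSTED_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-logistics.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_VENDOR_DOMAINS, max_dist=1):
    """Return (verdict, matched_domain) for a From: header value."""
    # parseaddr discards the display name, which the sender fully controls.
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    # Not an exact match: find the nearest allow-listed domain.
    best = min(sorted(trusted), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, best) <= max_dist:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers: genuine, one character removed,
    # one character added, and an unrelated sender.
    for header in (
        "Accounts <billing@acme-supplies.example>",
        "Accounts <billing@acme-suplies.example>",
        "Accounts <billing@acme-suppliess.example>",
        "News <newsletter@unrelated.example>",
    ):
        print(f"{header!r:50} -> {classify_sender(header)}")
```

A "trusted" verdict only means the domain string matches the allow-list; mail sent from a compromised vendor mailbox passes this check, so verifying the transaction itself remains necessary.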
Another case in which email proves an effective attack vector is malware-laced attachments, which tend to infect targeted computers entirely. The most prominent example of financial malware is that wielded by the Carbanak cyber gang. Altogether, the cybercriminal outfit is speculated to have stolen $1 billion from over 100 financial institutions around the world.