Impersonation attacks focus on payroll and supply chain
Impersonating a company's CEO or other senior executive has become a favorite technique for cybercriminals seeking to extract payments from businesses.
Historically this has been aimed at accounts payable departments, but the latest email threat report from FireEye shows attackers using two new variants to target payroll and supply chains.
The payroll variant targets the department with an email requesting changes to an executive’s personal data, such as bank details, with the objective of diverting an executive’s salary to a third-party account. While the supply chain version targets the accounts payable department by impersonating an email from a trusted supplier (instead of the CEO or senior executive) to re-route a fraudulent payment to a third-party account.
"Threat actors are doing their homework. We're seeing new variants of impersonation attacks that target new contacts and departments within organizations," says Ken Bagnall, vice president of email security at FireEye. "The danger is these new targets may not be prepared or have the necessary knowledge to identify an attack. Unfortunately, once the fraudulent activity is discovered, the targeted organization thinks they've paid a legitimate invoice, when the transaction was actually made to an attacker’s account."
Other findings of the report include a 17 percent rise in phishing attacks over the first quarter of this year, The top spoofed brands across these activities include Microsoft - with almost 30 percent of all detections – followed by OneDrive, Apple, PayPal and Amazon with around six to seven percent each.
FireEye also saw a 26 percent quarter-over-quarter increase in malicious URLs using HTTPS. This indicates malicious actors are taking advantage of the common consumer perception that HTTPS is a 'safer' option to engage on the internet.
There's been an increase in links to malicious files posted via file sharing services including WeTransfer, Google Drive, OneDrive and Dropbox too. OneDrive shows the largest jump in malicious links, though Dropbox is still the most commonly used.
The full report is available from the FireEye site.