Mandiant has just released M-Trends 2017, its annual overview of the cyber threat landscape. It doesn’t exactly make for happy reading - especially for those businesses content to rest on their laurels when it comes to cyber security.
How does it work?
1. The hacker realises that a generic-themed, unprompted email will most likely be picked up by the target company’s corporate email controls.
2. So the hacker does a little digging (via LinkedIn or the company’s website). He identifies a named individual and comes up with a credible ruse to make contact - such as a potential new supplier of office materials - or even a new client enquiry.
3. The hacker telephones that individual. The upshot is that the hacker will send through an email relating to the telephone conversation.
4. The target receives the email. Attached is a Word doc (a price list or invite to a conference, for instance). In the subject heading, the hacker avoids the usual suspects - phrases such as “delivery confirmation” which are used in many attacks - so as to bypass email controls. The content of the email relates directly to the earlier telephone conversation.
5. The target is expecting the email - so his guard is down. To open the attachment, the target is invited to disable macros. He does so, resulting in a batch script being executed and the hacker’s malware payload being downloaded.
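Step 5 leaves a trace that endpoint telemetry can pick up: Word starting a script interpreter, which then starts further processes. The following is an added example, not taken from M-Trends or from this post, that flags such process chains in constructed Sysmon-style process-creation events; the field names, the sample events and the function name `find_macro_chains` are assumptions.

```python
import json
from pathlib import PureWindowsPath

# Constructed process-creation events (one JSON object per line, fields trimmed).
SAMPLE_EVENTS = r"""
{"pid": 400, "ppid": 1, "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"pid": 812, "ppid": 400, "image": "C:\\Office\\OUTLOOK.EXE", "cmdline": "OUTLOOK.EXE"}
{"pid": 1200, "ppid": 812, "image": "C:\\Office\\WINWORD.EXE", "cmdline": "WINWORD.EXE price_list.doc"}
{"pid": 1316, "ppid": 1200, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c a.bat"}
{"pid": 1404, "ppid": 1316, "image": "C:\\Windows\\System32\\powershell.exe", "cmdline": "powershell.exe -File fetch.ps1"}
{"pid": 1500, "ppid": 400, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe"}
{"pid": 1600, "ppid": 1200, "image": "C:\\Windows\\splwow64.exe", "cmdline": "splwow64.exe"}
"""

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return PureWindowsPath(path).name.lower()


def find_macro_chains(lines):
    """Flag script hosts started by an Office app, plus all their descendants."""
    images = {}   # pid -> image name, to resolve each event's parent
    tainted = {}  # pid -> process chain leading back to the Office app
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        name = basename(ev["image"])
        images[ev["pid"]] = name  # PID reuse is ignored in this short sample
        parent = images.get(ev["ppid"])
        if ev["ppid"] in tainted:
            chain = tainted[ev["ppid"]] + [name]      # descendant of a flagged process
        elif parent in OFFICE and name in SCRIPT_HOSTS:
            chain = [parent, name]                    # Office app started a script host
        else:
            continue
        tainted[ev["pid"]] = chain
        alerts.append({"pid": ev["pid"], "chain": " > ".join(chain), "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    for alert in find_macro_chains(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The shell opened from Explorer (pid 1500) and the print helper started by Word (pid 1600) are not flagged, because the rule keys on an Office parent combined with a script-host child rather than on either alone.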
So what do you do about it?
You’ve got robust email filters in place already. You might even have invested in a pretty nifty endpoint detection and response platform. Yet this, along with all the other tools and strategies you might have working for you, can count for little if your people are the weakest link in the security chain.
Are your staff being ‘socially engineered’? Is a single phone call all it takes to bypass your organisation’s security? We’re in the business of helping organisations build their very own culture of security awareness. To find out how we do it, contact us today.