Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics

Written by

Brand impersonation in cyber-attacks has reached new levels of sophistication, a recent research article by Abnormal Security has highlighted. 

Traditionally observed in financial institutions and social media sites, threat actors are now employing multi-stage attacks with a high degree of personalization.

A study published by Abnormal CISO, Mike Britton, revealed a case where attackers impersonated the popular streaming service Disney+ in an intricate scheme.

An Attack with Attention to Detail

The cybercriminals initiated the attack with an auto-generated notification email about a pending charge for a new Disney+ subscription. Each email contained an attached PDF named after the recipient – a rarely seen tactic requiring manual effort. The PDF detailed an inflated charge of $49.99, surpassing regular subscription fees, accompanied by a seemingly legitimate customer support service number.

Notably, the attackers went beyond typical tactics by using a sender email resembling a legitimate Disney+ address, incorporating brand colors, and personalizing subject lines and greetings. The emails lacked overt signs of phishing, such as misspellings or malware-laden attachments, making them challenging to detect for both traditional security solutions and individuals.

“What sets this attack apart is the level of personalization and attention to detail employed by the perpetrators, making it difficult for traditional security solutions and even vigilant individuals to identify it as malicious,” Britton wrote.

“Based on initial research in late September, the threat actor targeted 44 individuals across 22 different organizations with this Disney+ impersonation attack.”

While the technical details of the attack are not explicitly outlined in the Abnormal advisory, the primary attack vectors appear to involve a combination of email spoofing/phishing, attachment-based tactics, phone-based social engineering and brand impersonation.

The study underscored the difficulty for Secure Email Gateways (SEGs) to flag such attacks, given the absence of clear indicators of compromise (IOCs) and reliance on historical data for domain reputation. Employees, on the other hand, face challenges due to the convincing impersonation of a trusted brand and a sense of urgency.

To combat such attacks, the research article recommends AI-native email security solutions that employ machine learning, behavioral AI and content analysis.

Image credit: AFM Visuals / Shutterstock.com

What’s hot on Infosecurity Magazine?