A major rise in social engineering has been seen over the past few months, mostly using very standard attack tactics.
Speaking to Infosecurity, Check Point head of incident response Dan Wiley said that mid-market businesses see far fewer advanced persistent threat (APT) level attacks and nation-sponsored hacking, but a lot more ransomware and malware and a lot more extortion, and that these are similar in that they are larger in scope.
“We are seeing a large uptick, and in December we saw a lot more cases in pure social engineering and no malware whatsoever,” he said. “We are working with a company who had outsourced all of their email and they called us and said ‘we’ve lost $3-4M and can you help us trace it?’
“Ultimately what had happened is someone had stolen one of the financial guys’ credentials, logged into the portal, logged in as the person and scraped the entire customer base and sent an email to all of the customers and said ‘our bank routing information has changed, please change your accounts payable’. No one caught the email as it was from a trusted account and they lost $3-4M.”
Wiley said that a watering hole attack was used to get the credentials. He predicted that attackers are going after applications that use the cloud: there is no consolidated view and no control other than the provider that is giving you the service, and authentication is a major issue.
“Forensics in reviewing the case is very difficult, so we will see that this year – a significant uptick in terms of those avenues,” he said. “The next generation of hacking is much more social, and the attackers are going after Facebook and LinkedIn and understanding the social dynamics of your virtual reality.”
Wiley said that most organizations do not realize that they are pawns in a bigger game as there was a veil of protection, and now you’re in a game that you may not want to play. “All the strange conspiracy theories, you could be part of it,” he said.
Asked how attackers get in, Wiley said that with Amazon you can have two-factor authentication to verify your identity, but if you call customer service they will reset your password to whatever the attacker wants. “The attackers are looking for every single angle from a social aspect to modify the credentials or authorized transactions to move the bar a little further to get them to the next social network and once they control the whole playing field they can suddenly be able to elevate privileges to get more and more,” he said.