
CND News and Blog

Spear Phishing - Cyber Attacks

We have all heard of Phishing attacks, where emails are used as bait to lure us into clicking on a link or opening an attachment. However, because we are now much wiser to the threat, attackers are having to work harder to lure us in by doing some research.

These targeted phishing attacks are referred to as Spear Phishing, and humorously, if it's the senior crew who are targeted, such as the captain, it's also referred to as Whaling (big fish).

Andy Cuff, Managing Director of Computer Network Defence (CND), reported the issue after one of his own staff was used by a criminal in an attempted scam. The Spearphishers are so-called because they spend time researching the relationships of specific individuals on social media.

They can use financial information from open sources such as Companies House to identify high net worth individuals, then scour social media for a connection of that person to impersonate. Using a 'connection's' email address, they send a message to the target with a link that, if clicked on, will infect the system, allowing funds or information to be stolen by the hacker, or infect the entire ship.

[Note: faking an email address when you don't need a reply is very easy]

The attackers tend to target new crew as they assume they won't have the security measures in place or the security training yet. The highly targeted approach is a step-up from standard 'phishing' emails and is extremely effective.

Andy, whose company is headquartered in Bath, said: "It really is a more sophisticated way of attacking people as it is highly targeted. The spear phishing emails when received look legitimate and as if they are from a friend so there is apparently no reason why you shouldn't trust it and click on any links.

Recently a friend of one of our senior staff called him to ask him why he had sent him an invoice; he was perplexed because it hadn't come from him. Being a cyber-security company, we asked that the email be forwarded to us for analysis. The sender had forged the email address of our employee and used the full name of the target. The link within the email led to a document containing a virus. We ran the link through a cyber threat intelligence portal and several other organisations had looked at the same link that day, but nothing prior.

This suggested that it was a new link that had been used several times and was identified as suspicious. At first it looked like a standard phishing email, but there were a few interesting elements which made it a spear phishing attack. There is no business relationship between our employee and the target and yet the email address was sent using our business address. Their only link is on Facebook. The target's new business had been extremely successful with an annual increase in profit of 500%, as would have been deduced from its figures on Companies House.

We would surmise that the attacker had identified the target as a recent high net worth individual with a new company and no website, suggesting that he had minimal security and a limited IT knowledge. Some social media investigation identified a relationship between these individuals, and their unusual names, coupled with their internet presence, enabled business-to-business email addresses to be identified.

It's worth double checking any emails received and looking at the email addresses carefully.

Another clue was that the English in the email was impeccable, but clearly written by someone for whom it was not their first language.

People should update their operating systems and antivirus software and yes, even Apple computers should have antivirus software.
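As a way of looking at the email addresses carefully when the visible sender has been forged, the following added example (not part of the original article or CND's own tooling) compares the displayed From address with the other sender fields and the authentication results recorded in a message's headers. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message, not the email from the incident described above.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.target.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=friend-company.example
From: "A. Friend" <a.friend@friend-company.example>
Reply-To: accounts@lookalike.example
To: target@target.example
Subject: Invoice

Please see the invoice at the link.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def sender_findings(raw):
    """List reasons to distrust the visible From address of a raw message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # A mismatch is a signal to look closer, not proof: legitimate bulk
    # mailers also send with a different envelope or reply address.
    for header, label in (("Return-Path", "envelope sender"), ("Reply-To", "reply address")):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(f"{label} domain {other} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech} result: {result}")
    return findings

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE):
        print("-", finding)
```

Note that SPF passes in the sample because it checks the envelope sender's domain, not the From address the reader sees; the DMARC result is what ties the two together.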


Thursday, 28 March 2024