Ask an MSP Expert

Q: Lately we have heard a lot about emerging conversation hijacking threats. What does conversation hijacking entail and how can my MSP business prevent it from negatively affecting our customers?

Hackers and other bad actors are always inventing new methods and tactics to access organizations’ sensitive data. One of the newest methods is conversation hijacking. Recent research from Barracuda Networks revealed a 400-percent increase in domain-impersonation attacks used for conversation hijacking.

To get a better understanding of how conversation hijacking works, Smarter MSP examined the relevant research and spoke with security experts to uncover different ways MSPs can eliminate this threat.

What is conversation hijacking?

Conversation hijacking is a phishing attack that occurs when a hacker gains access to a business conversation (or creates one themselves) by using compromised credentials. Once they have gained access to the compromised account (often an email account), the hacker will typically study emails and available information they can uncover. The hacker then inserts themselves in the conversation and sends a note in the name of the compromised account owner. This helps them manipulate other users into providing them with the data and resources that they are seeking.

Conversation hijacking allows hackers to take advantage of the fact that recipients are more likely to fulfill requests from email users they recognize. Recipients often accept requests for money or private information without asking questions when they believe the request is coming from an important account, like the CEO. Because they have compromised the account and can then research the user extensively, hackers can make these phishing attacks highly personalized, which increases their chance of success.

Stop conversation hijacking with AI

Automation can be an incredibly useful tool for MSPs in their battle to protect end users from falling victim to conversation hijacking. By integrating automated, AI-driven checks with their existing security tools, MSPs can monitor account logins and flag login attempts that come from unusual locations. Automation can also help detect suspicious emails from impersonated domains and remove malicious ones before they reach a user's inbox. AI also does a good job of spotting clues a human might miss, such as a domain name that differs only subtly from the legitimate domain it is pretending to be.
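The look-alike-domain clue described above, as an added example that is not part of the original post: a small Python classifier that scores the sender domain of a From: header against a tenant's trusted domains. The trusted domains, the homoglyph map and the sample headers are constructed for illustration; a production filter would also consult the login-anomaly signals mentioned in the paragraph.

```python
from email.utils import parseaddr

# Domains this tenant legitimately corresponds with (constructed sample data).
TRUSTED_DOMAINS = {"example.com", "partner-bank.example"}

# Character swaps used to build look-alike domains (assumed, non-exhaustive map).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Fold common look-alike characters back to what the eye reads them as."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a trusted domain with one letter changed scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header_from: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the contents of a From: header."""
    display_name, addr = parseaddr(header_from)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Display name shows a trusted address while the real sender address does not.
    if any(t in display_name.lower() for t in TRUSTED_DOMAINS):
        return "lookalike"
    norm = normalize(domain)
    squashed = norm.replace("-", "").replace(".", "")
    for trusted in TRUSTED_DOMAINS:
        # Homoglyph swap, dropped letter or one-character typo of a trusted domain.
        if norm == trusted or edit_distance(norm, trusted) <= 2:
            return "lookalike"
        # Trusted brand label reused inside another domain, e.g. brand-secure.test.
        label = trusted.split(".")[0].replace("-", "")
        if label in squashed:
            return "lookalike"
    return "unknown"
```

Anything scored "lookalike" is a candidate for quarantine or a warning banner; "unknown" senders can fall through to the usual reputation checks.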

Other ways to prevent conversation hijacking

One of the most effective ways to stop any cyberattack, especially conversation hijacking, is with a comprehensive security awareness training program. MSPs can offer these programs to their clients to educate users on how to identify spear phishing attempts and avoid falling victim to them. Live simulations of phishing attacks allow MSPs and their clients to track the progress of individual users and determine which ones may need extra training and protection.

Setting up internal security processes can also lower the likelihood of a successful conversation hijacking attempt. Multi-factor authentication and in-person approvals for actions like granting access or authorizing a transfer of funds keep users alert when a hacker tries to hijack a conversation. Now that more companies are working remotely, in-person approvals can easily be given over Zoom calls or over the phone.

Conversation hijacking is becoming more popular because it allows hackers to gain access to a user's data and resources with the user's "permission." It's a method that gives them the ability to take what they want while hiding behind a trusted account the entire time. By combining technologies such as AI with strong internal policies, organizations can make it much harder for hackers to sneak through the front door.


Posted by Bill Petherbridge

Bill is a Content Marketing Associate at Barracuda MSP. In this position, Bill is a key contributor to the management of the SmarterMSP.com and Barracuda MSP blogs. He also serves as copyeditor for Barracuda MSP content, in addition to maintaining Barracuda MSP's social media presence.

12 Comments

  1. Eric Goldstein April 7, 2020 at 12:56 pm

    What a scary way to hack! Has happened to a few clients and friends.


  2. Sharon Vanhoose April 7, 2020 at 12:58 pm

    Had a client today call me about this. People need to pay attention


  3. Very informative.

    Thank you


  4. We have some customers who actually suffered from conversation hijacking, but it is always suspicious!


  5. Informative article and definitely something to be on the lookout for.


  6. Just goes to show how important it is to pay attention when going over emails


  7. This just happened to an end user this week!


  8. We have seen this happen at a client. Very important to have 2 factor on email accounts, and end user training is getting more and more critical. Am interested to learn more about automating finding suspicious domain accounts.


  9. 1st line of defense is user education!


  10. Such a scary scenario. Sounds like the Barracuda Sentinel solution will help protect our clients.


  11. Ensuring you have proper MFA in place will greatly reduce the risk as well


  12. Matthew Brunk May 5, 2020 at 4:34 pm

    “Hack the Person!” This is a very good post/lesson for all. Thank you

