Ask an MSP Expert

Q: Lately we have heard a lot about emerging conversation hijacking threats. What does conversation hijacking entail, and how can my MSP business prevent it from negatively affecting our customers?

Hackers and other bad actors are always inventing new methods and tactics to access organizations’ sensitive data. One of the newest methods is conversation hijacking. Recent research from Barracuda Networks revealed a 400-percent increase in domain-impersonation attacks used for conversation hijacking.

To get a better understanding of how conversation hijacking works, Smarter MSP examined the relevant research and spoke with security experts to uncover different ways MSPs can eliminate this threat.

What is conversation hijacking?

Conversation hijacking is a phishing attack that occurs when a hacker gains access to a business conversation (or creates one themselves) by using compromised credentials. Once they have gained access to the compromised account (often an email account), the hacker will typically study emails and available information they can uncover. The hacker then inserts themselves in the conversation and sends a note in the name of the compromised account owner. This helps them manipulate other users into providing them with the data and resources that they are seeking.

Conversation hijacking lets hackers exploit the fact that recipients are more likely to fulfill requests from email senders they recognize. Recipients often accept requests for money or private information without question when they believe the request comes from an important account, such as the CEO's. Because they have compromised the account and can research the user extensively, hackers can make these phishing attacks highly personalized, which increases their chance of success.

Stop conversation hijacking with AI

Automation can be an incredibly useful tool for MSPs in their battle to protect end users from conversation hijacking. By integrating automated monitoring with their security tools, MSPs can watch account logins and flag attempts that come from unusual locations. Automation can also detect suspicious emails from impersonated domains and remove malicious ones before they reach a user's inbox. AI is also good at spotting clues a human might miss, such as domain names that differ only subtly from the legitimate domain they are pretending to be.
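
The impersonated-domain check described above, as an added example that is not code from the original post or from Barracuda: a small Python filter that compares sender domains against an MSP's allow-list of trusted domains and flags look-alikes by homoglyph folding, edit distance, TLD swaps and a trusted name buried inside a longer domain. It also flags a Reply-To header that steers replies away from a trusted From domain, a signal the post does not mention but one that commonly accompanies a hijacked thread. The trusted-domain list, the homoglyph table, the distance thresholds and the sample headers are all constructed assumptions.

```python
"""Flag sender domains that impersonate a trusted domain (added example)."""
import re

# Assumption: the MSP keeps an allow-list of its own and its clients' domains.
TRUSTED_DOMAINS = {"acme-corp.com", "example-msp.net"}

# Character swaps commonly used to build look-alike domains (constructed table).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (standard dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label: str) -> str:
    """Fold homoglyph swaps so 'acrne-c0rp' compares equal to 'acme-corp'."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def split_domain(domain: str):
    """Return (registrable label, TLD). Simplified: the last label is treated as the
    TLD, so no public-suffix list is consulted (co.uk-style suffixes are not handled)."""
    parts = domain.lower().strip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender domain."""
    domain = domain.lower().strip(".")
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return "trusted"
    label, tld = split_domain(domain)
    for t in trusted:
        t_label, t_tld = split_domain(t)
        # Trusted name buried inside a longer domain: acme-corp.com.evil.net
        if t in domain:
            return "lookalike"
        # Same brand label under a different TLD: acme-corp.co
        if label == t_label and tld != t_tld:
            return "lookalike"
        # Homoglyph swap, or a typo within a small edit distance of the brand label
        max_typos = 1 if len(t_label) < 8 else 2
        if normalize(label) == normalize(t_label) or levenshtein(label, t_label) <= max_typos:
            return "lookalike"
    return "unknown"


ADDR_RE = re.compile(r"@([A-Za-z0-9.-]+)")


def header_domain(value: str) -> str:
    """Extract the domain part of an address header such as 'CFO <cfo@acme-corp.com>'."""
    match = ADDR_RE.search(value or "")
    return match.group(1).lower() if match else ""


def scan_message(headers: dict) -> list:
    """Return the reasons a message looks like conversation hijacking ([] if clean)."""
    findings = []
    from_dom = header_domain(headers.get("From", ""))
    reply_dom = header_domain(headers.get("Reply-To", ""))
    if classify_domain(from_dom) == "lookalike":
        findings.append(f"From domain {from_dom} impersonates a trusted domain")
    # Assumption: a Reply-To that steers replies away from a trusted From is a hijack signal
    if reply_dom and reply_dom != from_dom and (
        classify_domain(from_dom) == "trusted" or classify_domain(reply_dom) == "lookalike"
    ):
        findings.append(f"Reply-To {reply_dom} diverts replies away from {from_dom}")
    return findings


# Constructed sample headers, not real mail.
SAMPLE_MESSAGES = [
    {"From": "CFO <cfo@acme-corp.com>", "Subject": "Re: Q2 invoice"},
    {"From": "CFO <cfo@acrne-c0rp.com>", "Subject": "Re: Q2 invoice"},
    {"From": "CFO <cfo@acme-corp.com>", "Reply-To": "cfo@acme-corp.co", "Subject": "Re: wire"},
    {"From": "Newsletter <news@news.example.org>", "Subject": "Monthly update"},
]


def scan_all(messages=SAMPLE_MESSAGES) -> list:
    """Scan every message and return (From header, findings) pairs."""
    return [(m["From"], scan_message(m)) for m in messages]


if __name__ == "__main__":
    for sender, findings in scan_all():
        print(sender, "->", findings or "clean")
```

The edit-distance threshold is deliberately small and scaled to the length of the trusted label; short brand names would otherwise match many legitimate domains, so in production the "unknown" verdict should feed a reputation or first-contact check rather than be treated as safe.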

Other ways to prevent conversation hijacking

One of the most effective ways to stop any cyberattack, especially conversation hijacking, is with a comprehensive security awareness training program. MSPs can offer these programs to their clients to educate users on how to identify spear phishing attempts and avoid falling victim to them. Live simulations of phishing attacks allow MSPs and their clients to track the progress of individual users and determine which ones may need extra training and protection.

Setting up internal security processes can also lower the likelihood of a successful conversation hijacking attempt. Multi-factor authentication and in-person approvals for actions such as granting access or authorizing a transfer of funds keep users alert when a hacker tries to hijack a conversation. Now that more companies work remotely, in-person approvals can easily be given over Zoom calls or the phone.

Conversation hijacking is becoming more popular because it allows hackers to gain access to a user's data and resources with the user's "permission." It is a method that lets them take what they want while hiding behind a trusted account the entire time. By combining technologies such as AI with strong internal policies, MSPs can make it much harder for hackers to sneak through an organization's front door.

Photo: Twinsterphoto / Shutterstock

Posted by Bill Petherbridge

Bill is a Content Marketing Associate at Barracuda MSP. In this position, Bill is a key contributor to the management of the SmarterMSP.com and Barracuda MSP blogs. He also serves as copyeditor for Barracuda MSP content, in addition to maintaining Barracuda MSP's social media presence.

12 Comments

  1. Eric Goldstein, April 7, 2020 at 12:56 pm

    What a scary way to hack! Has happened to a few clients and friends.

  2. Sharon Vanhoose, April 7, 2020 at 12:58 pm

    Had a client today call me about this. People need to pay attention.

  3.

    Very informative.

    Thank you

  4.

    We have some customers who actually suffered from conversation hijacking, but it is always suspicious!

  5.

    Informative article and definitely something to be on the lookout for.

  6. Brent Fairbanks

    Just goes to show how important it is to pay attention when going over emails.

  7.

    This just happened to an end user this week!

  8.

    We have seen this happen at a client. Very important to have 2-factor on email accounts, and end user training is getting more and more critical. Am interested to learn more about automating finding suspicious domain accounts.

  9.

    1st line of defense is user education!

  10.

    Such a scary scenario. Sounds like the Barracuda Sentinel solution will help protect our clients.

  11.

    Ensuring you have proper MFA in place will greatly reduce the risk as well.

  12. Matthew Brunk, May 5, 2020 at 4:34 pm

    "Hack the Person!" This is a very good post/lesson for all. Thank you
