Recent research by Barracuda Networks highlights the growing dangers of “conversation hijacking.” According to the research, an analysis of approximately 500,000 monthly email attacks shows a 400 percent increase in these types of attacks. There were approximately 500 incidents in July 2019, but by November 2019 the total number had reached about 2,000.
The Barracuda data shows that this is still a tiny percentage of overall attacks, but because of its hyper-personalized nature, the attacks can be extremely effective. The goal of these labor-intensive attacks is to get someone to wire funds to the hijacker or give up their passwords.
Falling for the familiar
Imagine having a few email exchanges with your boss about purchasing some equipment for the office. Your boss then asks you to transfer enough funds to cover the purchase to a company bank account. All in a day’s work, right?
Not if a hacker has breached your conversation and you aren’t emailing your boss. And the company account isn’t a company account; it’s an overseas bank belonging to a bad actor.
Barracuda researchers point out that these types of super-charged phishing attempts can take months to execute, as the hacker waits for just the right moment. All of this points to one of the lowest-tech tools MSP owners can teach clients to use, and also one of the most effective: instinct.
If the “gut” says something isn’t right, tell clients to listen to it. MSPs need to convey to clients that if they have never been asked to transfer money or share a password, and instinct is saying something might be “off,” then that instinct should be heeded.
Combining instinct with the right tools
On the other end of the spectrum, high tech tools, especially AI, can be increasingly valuable at sniffing out what instinct can’t. Algorithmic analysis of conversational patterns coupled with robust cybersecurity tools can be a potent one-two defense.
Don Maclennan, SVP engineering and product at Barracuda Networks, told SC Media UK, “hackers have an insider view into organizations and business deals through a compromised email account. They will use this knowledge to insert themselves into and hijack the conversation at the right time, steering the conversation in the direction that will financially benefit them.”
Smarter MSP caught up with Kevin Curran, Professor of Cyber Security at Ulster University in Londonderry (UK), to talk about this growing threat that Barracuda Networks is highlighting. Curran has studied the relatively recent phenomenon of conversation hijacking.
Curran explains conversation hacking as, “A new trend in phishing where hackers insert themselves into email conversations between third parties that are known to and trusted by each other. This increases the chances of them having malicious email links clicked on, which in many cases lead to banking trojans becoming installed. It is a form of social engineering. They can do this as they have hacked the email account of one of the parties.”
Curran details how hackers gain access to email conversations: “Conversations are breached by the hacker merely waiting for a part of the conversation (or email thread) where they can set up their scam. For instance, they could monitor the emails of a law firm and wait for the moment where a client would be expected to transfer money. Then, they can send an email that redirects the payment to their account.”
What is next for MSPs?
Curran provides steps that MSPs can enact to prevent this type of intrusion:
“The steps that CISOs and MSPs can enact to prevent this are basically the same as the steps needed to guard against phishing emails. Companies need to educate staff not to blindly trust links, even from a known contact.”
“To reduce risk, CISOs and MSPs need a holistic, people-centric cybersecurity approach that includes effective security awareness training and layered defenses. A simple mantra for employees is to ‘Trust no one.’ That may protect some against conversation hijacking.”
Curran fears the threat will continue to get worse, as “a conversation hijacking phishing email is an ideal attack vector, especially when done properly. It is relatively simple to achieve as well.”
“Phishing emails are one of the most serious problems at this time. Emails increase year on year, and there are millions of potential people who can email you and millions of potential online site links, so spam mechanisms are struggling to block many phishing attacks. These phishing emails can generate random characters and modify their format to evade spam filters.”
“Conventional email filters cannot work with conversation hijacking. Therefore, it is only by educating users and securing email servers in the first place that it can be overcome. That is how the attackers get in.”
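The law-firm scenario Curran describes, and his point that per-message filters miss it, can be illustrated with a thread-aware check. The code below is an added example, not from Barracuda, Curran or this article: it walks a constructed three-message thread (the compromised account is assumed to add a Reply-To on a look-alike domain, which the article does not discuss) and flags what only the thread history reveals: a domain no earlier participant used, and payment details that differ from those given earlier.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample thread (not real mail), oldest first. Message 3 arrives from the
# lawyer's genuine (assumed compromised) address, adds a Reply-To on a look-alike
# domain and changes the account given in message 1.
THREAD = [
    "From: Alice <alice@lawfirm-example.com>\nTo: bob@client-example.com\n"
    "Subject: Closing funds\n\nPlease wire the funds to IBAN GB00EXAMPLE0001.\n",
    "From: Bob <bob@client-example.com>\nTo: alice@lawfirm-example.com\n"
    "Subject: Re: Closing funds\n\nWill do on Friday.\n",
    "From: Alice <alice@lawfirm-example.com>\nReply-To: alice@lawfirm-examp1e.com\n"
    "To: bob@client-example.com\nSubject: Re: Closing funds\n\n"
    "Change of plan: please use IBAN GB00EXAMPLE9999 instead.\n",
]

# Crude IBAN-like pattern; enough to notice an account string changing mid-thread.
ACCOUNT_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{4,30}\b")


def _domains(msg, *headers):
    """Lower-cased mail domains found in the given headers of one message."""
    addrs = getaddresses([msg.get(h, "") for h in headers])
    return {a.lower().rsplit("@", 1)[-1] for _, a in addrs if "@" in a}


def review_thread(raw_messages):
    """Walk a thread oldest-first and return (index, reason) findings that a
    per-message filter cannot see: a sender or Reply-To domain that no earlier
    participant used, or payment details that differ from earlier messages."""
    findings, known_domains, seen_accounts = [], set(), set()
    for i, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        sender = _domains(msg, "From")
        if known_domains and not sender <= known_domains:
            findings.append((i, f"sender domain new to the thread: {sender}"))
        reply_to = _domains(msg, "Reply-To")
        if reply_to and not reply_to <= known_domains | sender:
            findings.append((i, f"Reply-To domain outside the thread: {reply_to}"))
        known_domains |= sender | _domains(msg, "To", "Cc")
        accounts = set(ACCOUNT_RE.findall(msg.get_payload()))
        if seen_accounts and accounts - seen_accounts:
            findings.append((i, "payment account changed mid-thread"))
        seen_accounts |= accounts
    return findings
```

Running `review_thread(THREAD)` flags only the third message, twice: its Reply-To domain is new to the thread and its account number differs from the one first quoted; the first two messages produce no findings.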
Photo: Blazej Lyjak / Shutterstock