[personal profile] paserbyp
Insider threats are an unfortunate reality in today’s workplace. Though relatively rare, they can be quite damaging. Insider attacks take many different forms—rogue employees may access unauthorized data or improperly override security controls for personal financial gain. Luckily, when attacks come from the inside, there are HR policies and laws that protect the organization. This is not the case when external hackers pretend to be insider employees.

Faux insiders have the power to wreak havoc and cause financial losses, and they are an overall more complex threat to counter. For example, in a CEO fraud, an attacker posing as a senior executive commands an underling to execute a bank transfer to a “vendor” on a rushed basis. Such was the case at a startup in the UK, where a hacker pretending to be the firm’s CEO was able to direct £16,000 to an offshore bank account controlled by criminals (more details about the attack: https://www.wired.co.uk/article/hacking-start-up-email-london-phishing-attacks-money).

Organizations that use cloud-based email solutions like the increasingly popular Office 365 email are especially vulnerable to faux insider phishing attacks. The problems begin in the very architecture of the cloud-based email system. Gateway-based solutions, whether they are hosted on-premises or in the cloud, sit in line in the SMTP mail flow.

Imagine that a user’s Office 365 account is compromised, perhaps by way of a convincing but fake Microsoft Login web page. The risks are severe in this scenario. With an actual Office 365 credential in hand, the attacker can take over the user’s email account and send emails to “colleagues” that look 100% authentic… because they are. He or she can send attack emails from a real account. They are legitimate emails from one coworker to another on the actual email system.

The Microsoft vulnerability is manifesting itself in a striking set of statistics. Vade Secure research shows that fake Microsoft sites comprised the #1 phishing URL hit in the second quarter of 2018. That’s more than PayPal! Indeed, Microsoft-based phishing attacks have more than quadrupled since the start of the year.

Phishers know their audience—predatory emails tend to look like any other email a user might receive. Here is more from researchers at Carnegie Mellon University: https://cups.cs.cmu.edu/soups/2015/papers/eduGonzales.pdf
