Hackers use social engineering techniques to infect victims' systems with malicious code. This has been going on for nearly as long as the internet has existed.

This is a very common tactic, due to its simplicity and effectiveness.

Hackers have learned through trial and error that victims are more likely to trust emails that look like part of an ongoing conversation, so they often attempt to fake one. Spoofing a conversation is much more difficult than it may seem, however, and technology has improved to offer attackers a better solution.

Why not hijack a conversation instead of trying to spoof it?

Hackers can now hijack legitimate conversations between you and others and inject malware into them.

Because the conversation is one that the user is having currently, the individual will trust any files or links that may be attached to the conversation. This increases the likelihood of those files being opened or clicked on.

The group spreading Qakbot is currently the primary source of this new attack variant.

Here's how it happens...

Qakbot spreads through infected Windows computers. The malware downloads a file that scans for email accounts and steals their login credentials, while other automated tools scan the user's inbox and send phishing emails. When it discovers an email thread, it uses the "reply-all" function to send its message.

The reply can quote the original message, which makes it appear even more authentic.

The bot will add a few lines to the original message. It often asks the recipient to "look at an attachment", which is usually a zip file. Anyone who isn't paying attention can open the file without thinking. You know the rest.

This one is very sneaky, so keep it in your sights.
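
The traits described above (a reply inside an existing thread, a few new lines on top of the quoted original, a zip attachment) can be checked mechanically at a mail gateway. The following Python heuristic is an added example, not part of the original article; the function name `hijack_signals`, the five-line threshold and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Constructed sample (addresses and content invented): a reply-all that quotes
# the thread, adds two new lines and attaches a zip (base64 of an empty archive).
SAMPLE = """\
From: Alice <alice@example.com>
To: bob@example.com, carol@example.com
Subject: Re: Q3 invoice schedule
In-Reply-To: <m1@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Hello,
Please look at the attachment.

> Hi all, the schedule for Q3 is below.
> Let me know if the dates work.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="document.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def hijack_signals(raw, max_new_lines=5):
    """Return which hijacked-thread traits (hypothetical heuristic) raw shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    signals = []
    if msg["In-Reply-To"] or msg["References"]:
        signals.append("reply-in-thread")
    body = msg.get_body(preferencelist=("plain",))
    lines = body.get_content().splitlines() if body else []
    quoted = [l for l in lines if l.lstrip().startswith(">")]
    new = [l for l in lines if l.strip() and not l.lstrip().startswith(">")]
    if quoted and 0 < len(new) <= max_new_lines:
        signals.append("short-text-over-quote")
    zips = [p for p in msg.iter_attachments()  # match by name or zip magic bytes
            if (p.get_filename() or "").lower().endswith(".zip")
            or (p.get_payload(decode=True) or b"").startswith(b"PK")]
    if zips:
        signals.append("zip-attachment")
    return signals

if __name__ == "__main__": print(hijack_signals(SAMPLE))
```

A message showing all three signals is a candidate for quarantine or a warning banner rather than proof of compromise, since legitimate replies can also carry zip files.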

Protect your organization from Phishing Attacks

The majority of phishing defenses rely on users being able to spot phishing emails. This strategy will not work. You should instead strengthen your defenses by adding technical measures. This increases your resistance to phishing attacks without disrupting the productivity of your users, and it gives you multiple chances to spot phishing attacks and stop them before they cause damage. Recognize that attacks may still be successful; this will allow you to plan for them and minimize the damage.

This guidance divides the mitigations into 4 layers, on which you can build defenses.

  • Make it difficult for attackers to reach your users
  • Help users to identify and report suspected phishing emails
  • Protect your organization from undetected phishing email attacks
  • Rapidly respond to emergencies

Integrated Technology Systems can assist you to implement some of the mitigations suggested. Contact us today to discuss how we can help your company defend against malware attacks.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017