How can you protect yourself from the upsurge in spearphishing? - DEEP
11 September 2024
Thank you to Jonas Donjon, Security Architect, DEEP
Targeted attacks by cybercriminals are increasingly using sophisticated methods of bypassing detection systems. Spearphishing is an elaborate approach which seeks to impersonate a colleague or a manager in order to obtain information or ask someone to make illegitimate transactions. These particularly insidious attacks are more difficult to identify. There are, however, good practices and tools to prevent this type of threat, such as VADE’s language analysis solution for e-mails.
Most of us know what phishing is: attacks that most often use fraudulent email campaigns to obtain information, passwords or access, allowing malicious persons to enter systems or initiate transactions.
These attacks generally follow an opportunistic approach, not necessarily targeting a specific company or individual. In recent months, however, there has been an increasing number of other types of attack that go by the name spearphishing.
Spearphishing: targeted, insidious attacks
In a CEO fraud, a cybercriminal pretends to be the head of an organisation in order to ask a staff member to make one or more illegitimate transactions, usually citing an urgent need. This is known as spearphishing, in the sense that it requires the attacker to act skilfully, targeting their prey precisely and taking the time to fully understand how they function.
When the cybercriminal stays under the radar
During the preparatory phase of the attack, the cybercriminal gathers as much information as possible about the organisation, its managing team, their habits, as well as people who could be compromised. The key is to obtain a set of essential details without being detected. The attacker therefore prioritises sources that are directly accessible online, such as the company’s organisational charts, staff contact numbers, posts by key people on social media giving clues as to their habits, holidays and possible business trips. The goal for the attacker is to be able to credibly usurp the identity of a manager at the right moment, when they are on holiday for example. They then establish a plausible scenario and use a set of arguments that allow them to convince a staff member to initiate an illegitimate transaction.
Because they are targeted and carefully prepared, these attacks are difficult to detect. Cybercriminals are often careful not to leave traces, so as to stay undetected by traditional detection systems, which help identify email addresses or sending servers that are already known for their dubious activities. So long as the thief is careful to maintain a certain degree of distance in relation to their target, and not to make themselves known to cybersecurity tools, the threat is more difficult to identify.
Raising awareness among users and establishing clear procedures
However, putting good practices in place and reminding employees of them can help prevent the risks of spearphishing. Above all, it is important to raise awareness of these risks among employees, particularly those who are able to initiate transactions. On an organisational level, it is also important to put in place a set of procedures and checks linked to executing transactions, especially if these are over a certain amount. Examples include the requirement for a double signature or the need to confirm an order through a channel other than the one through which the initial request was made, such as a telephone call to the person to ensure that the request is legitimate.
VADE, a technical solution for detecting suspicious e-mails
Finally, there are dedicated cybersecurity tools, such as VADE’s e-mail content analysis solution, which help limit the risk of an attack. By analysing language elements found within the received e-mail, the tool flags terms that indicate that it could be part of a spearphishing operation. Content that asks for a transfer to be made, takes care to justify the urgency or indicates that the e-mail is being sent from a mobile phone, and the use of a public e-mail address, are all elements that suggest an attempt at fraud. VADE’s protection system can send an alert to the recipient of the suspicious email or even block it, depending on the chosen settings.
This dynamic content analysis solution, which can also be used for classification and general email protection (malware, ransomware, spam, phishing) at the heart of an organisation, offers an additional barrier against spearphishing attacks. It easily integrates with most platforms, such as Microsoft 365 and Google Workspace.
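The indicators described above (a transfer request, stated urgency, a mobile signature, a public sender address) can be approximated with simple heuristics. This is an added example, not VADE's method or code from the original page; the keyword lists, the thresholds, the `example.com` organisation domain and the extra display-name check against a list of managers are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed indicator lists for illustration; a real deployment would tune them.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
INDICATORS = {
    "transfer_request": re.compile(r"\b(transfer|payment|wire|iban)\b", re.I),
    "urgency": re.compile(r"\b(urgent|urgently|immediately|asap)\b", re.I),
    "mobile_signature": re.compile(r"sent from my (iphone|ipad|android|mobile|phone)", re.I),
}

# Constructed sample messages (not real traffic).
SUSPICIOUS = """From: "Alice Martin" <alice.martin.ceo@gmail.com>
To: finance@example.com
Subject: Urgent transfer

I need you to make a transfer of 48,000 EUR. It is urgent and confidential.

Sent from my iPhone
"""
BENIGN = """From: "Bob Keller" <bob.keller@example.com>
To: finance@example.com
Subject: Q3 report

Please find the quarterly report attached. No rush.
"""

def analyse(raw, org_domain, executives):
    """Return the sorted indicator names found in one RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if domain in PUBLIC_DOMAINS:
        hits.add("public_sender_address")
    # A manager's display name on an address outside the organisation (assumed check).
    if display.strip().lower() in executives and domain != org_domain.lower():
        hits.add("executive_name_external_address")
    return sorted(hits)

def verdict(hits, alert_at=2, block_at=4):
    """Map the indicator count to an action; thresholds stand in for the chosen settings."""
    if len(hits) >= block_at:
        return "block"
    return "alert" if len(hits) >= alert_at else "deliver"
```

Keyword heuristics like these produce false positives on legitimate finance mail, which is why the alert tier exists alongside blocking and why the out-of-band confirmation procedure remains necessary.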