From supply chain attacks to single-use domains, Darktrace tells us what we can expect this year.
In 2020, we saw cyber-criminals take advantage of collective uncertainty with “fearware” phishing attacks and continue to shrink the lifespan of their attack campaigns by purchasing cheap domains in their thousands and regularly updating their attack infrastructure. As organisations began to rely heavily on SaaS collaboration tools, we saw a marked increase in account compromise and phishing from the inside.
This article looks at the tactics and techniques we can expect email attackers to deliver this year – and how companies can react.
Supply chain fraud will overtake CEO fraud
Targeting the C-suite is a well-known tactic that has brought attackers success, due to both the sensitive and valuable data these executives are exposed to and the authority they hold within a company. But with special protections increasingly put in place, it can be hard for an attacker to get to these individuals. The alternative for attackers? Go after whoever an organisation trusts.
When an attacker can take over the legitimate email account of a trusted third-party supplier, they can net a big return without ever interacting with a C-level executive. Because of the implicit trust between established contacts, it’s likely that suppliers and contractors with large client bases will become ever more tempting targets. Why work hard to compromise 500 companies separately when you can compromise just one and send fraudulent invoices to 1,000?
There are signs already hinting at this direction. Research earlier this year found that spoofing attacks that target the C-suite were decreasing. Meanwhile, the high-profile SolarWinds hack has shown just how effective cyber-attacks that come through the supply chain can be.
The email attack cycle will continue to shorten
Once upon a time, attack infrastructure lasted for weeks or months. Darktrace research found that the average lifespan of a fraudulent email dropped from 2.1 days in March 2018 to just 12 hours in 2020. Attackers can easily purchase new email domains for just a few pennies, and a brand-new domain, with no malicious activity on its record, will pass most email security reputation checks with ease.
It’s a worrying trend for legacy security tools reliant on signatures and blacklisting. And this lifespan will continue to trend towards zero. In the near future, we can expect attackers to reach a stage where a new domain is created, a single targeted email is sent, and the attack infrastructure is then retired before the cycle repeats.
Phishing will become even more targeted
The overwhelming, rapid proliferation of “fearware” this year has shown how effective targeted and topical phishing lures can be. The sheer availability of information online and across a plethora of social media platforms allows attackers to move from a spray-and-pray approach to sending well-researched, tailored emails that have a considerably higher chance of succeeding. And as the technology becomes available to automate much of this reconnaissance, it is natural to assume attackers will take advantage of these tools.
Hackers will target identities rather than devices
For attackers going after businesses that have expanded remote working, targeting cloud services might be preferable to going after centralised, on-premises infrastructure. Email-borne fraudulent invoices could prove a quieter and more lucrative alternative to ransomware for the money-minded cyber-criminal. Successful impersonations of trusted suppliers frequently enable successful wire fraud attacks. And since these attacks involve “clean” emails – containing no links or attachments – they usually skip past legacy security tools with ease.
Cyber-criminals continue to find new ways to skirt by the traditional, legacy-based email security tools commonly relied on today. Organisations must prepare now for the next wave of email attacks by turning to a new approach to email security capable of neutralising novel and sophisticated attacks that gateways miss.
Hundreds of organisations have adopted a self-learning approach that doesn’t rely on hard-coded rules and signatures, but uses AI to spot unusual patterns in email communications indicative of a threat. As attackers continue to innovate, having an adaptive email security technology that continuously reassesses emails in light of new evidence will be crucial for security teams.
by Dan Fein, Director of Email Security Products, Darktrace