Worm Phishing Attacks Change the Scope of Cyber Attacks
A phishing attack against a corporation has uncovered a sneaky way of attacking multiple victims. Recently, a method called worm phishing changes the scope of cyber attacks. That’s why multi-factor authentication is essential for corporations.
How did worm phishing change the scope of cyber attacks?
The first sign of worm phishing changing the scope of cyber attacks was an attack against a reputable company. Worm phishing attack began with a response team getting a warning from their company at 10 am when a user fell victim to a phishing campaign. Security figured it was just a regular attack. Then, in order to find the cause and any possible damage, the team started investigating the incident.
Then, their inbox has been spammed with even more warnings. This is a common trait of attacks. Emails that make through the rules of filtering appear in several accounts at once. Several accounts were taken over by the time they had completed an actual damage report and recovered the first two accounts. After they finished examining the records, the victims found there was possibly something much more serious.
Attackers contacted their victims from odd places worldwide, and many emails were sent out. This could have been a really successful phishing attack, or the attackers had been waiting a long time after stealing credentials to hit at a perfect time. The issue was that the original credential attack was not noticeable, and on the same day, no one had got an email from a new account.
Ultimately, the team examined sign-in records, which exposed how the attacks had been made to figure out the problem.
How did the victims get tricked by the worm phishing attacks?
The phishing attacks were made as answers to real emails. They used the emails sent from the employees to third parties or clients and between coworkers. They sent the passwords for the compromised account to a virtual bot after the email account was hacked. Later, after the attack, the bot logged into the email and reviewed the victim’s inbox.
It replied to the latest email in each specific conversation, with a connection to a phishing website to steal passwords. The wording was suitable for every situation, and this way, the phishing links did not look alarming.
It was difficult to identify the bot because the emails felt like it was from the original account. It was sent using a valid email address as a reply-all mail, and they take into account the background of the interaction.
What methods attackers used in the worm phishing attack?
The method used in the large takeover was shocking, and it was similar to a worm. Because within a few hours, a lot of accounts were hacked.
As the bot got bigger and took over mass numbers of accounts, it expanded beyond the organization. The bot started sending phishing emails to other entities outside of the organization.
By this stage, the attack was out of hand, and the only solution was to figure out the structure in the URL of the phishing websites.
The experts said the method was very clever, and it was their favorite attack type so far. They also reported that the bot was too powerful and that the red flags and warnings were too easy to see. Because of its nature, it couldn’t achieve its maximum capacity to spread.
This attacker’s target was to collect passwords to gain money on the dark web. They accomplished their target by acquiring many accounts, but they were so loud that they raised alarms instantly. So the attacks couldn’t reach its full capacity.
How did the company respond to the worm phishing attack?
How to protect your company against worm phishing
1. Use email gap analysis tools.
Using visualization logic to simulate the attack vectors attacking organizations through your email services, our Email Gap Analysis Tool periodically checks your technical resources (such as firewalls, anti-spam, and anti-virus). The findings help you find the vulnerabilities in your organization’s technology. This way, you can take the appropriate steps before you are targeted. We help you create a secure environment.
2. Analyze employee behavior with phishing simulation.
Our Phishing Simulation models are easily adjustable, and if you have unique threats you wish to test against, the platform also allows you to run your own content. It makes it possible to create countless branches, teams, groups, and staff so that your phishing experiments can be planned and optimized in a very focused and precise manner.
Protect yourself using our anti-phishing solutions against these common attacks.