Blog

Worm Phishing Attacks Change the Scope of Cyber Attacks
Computer Worms, Cyber Security Awareness, Cyber Security Awareness Training, Email Security, Phishing Attacks, Phishing Awareness, Phishing Emails, Phishing Security, Social Engineering Attacks, Worm Phishing, Worm Phishing Attacks

Worm Phishing Attacks Change the Scope of Cyber Attacks

A phishing attack against a corporation has uncovered a sneaky way of attacking multiple victims. Recently, a method called worm phishing changes the scope of cyber attacks. That’s why multi-factor authentication is essential for corporations.

How did worm phishing change the scope of cyber attacks?

The first sign of worm phishing changing the scope of cyber attacks was an attack against a reputable company. Worm phishing attack began with a response team getting a warning from their company at 10 am when a user fell victim to a phishing campaign. Security figured it was just a regular attack. Then, in order to find the cause and any possible damage, the team started investigating the incident. 

Then, their inbox has been spammed with even more warnings. This is a common trait of attacks. Emails that make through the rules of filtering appear in several accounts at once. Several accounts were taken over by the time they had completed an actual damage report and recovered the first two accounts. After they finished examining the records, the victims found there was possibly something much more serious. 

Attackers contacted their victims from odd places worldwide, and many emails were sent out. This could have been a  really successful phishing attack, or the attackers had been waiting a long time after stealing credentials to hit at a perfect time. The issue was that the original credential attack was not noticeable, and on the same day, no one had got an email from a new account.

Ultimately, the team examined sign-in records, which exposed how the attacks had been made to figure out the problem.

How did the victims get tricked by the worm phishing attacks? 

The phishing attacks were made as answers to real emails. They used the emails sent from the employees to third parties or clients and between coworkers. They sent the passwords for the compromised account to a virtual bot after the email account was hacked. Later, after the attack, the bot logged into the email and reviewed the victim’s inbox.

It replied to the latest email in each specific conversation, with a connection to a phishing website to steal passwords. The wording was suitable for every situation, and this way, the phishing links did not look alarming.

It was difficult to identify the bot because the emails felt like it was from the original account. It was sent using a valid email address as a reply-all mail, and they take into account the background of the interaction.

What methods attackers used in the worm phishing attack?

Worm phishing attacks change the scope of cyber attacks
Worm phishing attacks change the scope of cyber attacks.

The method used in the large takeover was shocking, and it was similar to a worm. Because within a few hours, a lot of accounts were hacked.

As the bot got bigger and took over mass numbers of accounts, it expanded beyond the organization.  The bot started sending phishing emails to other entities outside of the organization.

By this stage, the attack was out of hand, and the only solution was to figure out the structure in the URL of the phishing websites.

The experts said the method was very clever, and it was their favorite attack type so far. They also reported that the bot was too powerful and that the red flags and warnings were too easy to see. Because of its nature, it couldn’t achieve its maximum capacity to spread.

This attacker’s target was to collect passwords to gain money on the dark web. They accomplished their target by acquiring many accounts, but they were so loud that they raised alarms instantly. So the attacks couldn’t reach its full capacity.

How did the company respond to the worm phishing attack?

For email accounts which had not allowed the extra security, the company introduced multi-factor authentication immediately.  

How to protect your company against worm phishing

Worm phishing attacks change the scope of cyber attacks
Worm phishing attacks change the scope of cyber attacks

1. Use email gap analysis tools.

Using visualization logic to simulate the attack vectors attacking organizations through your email services, our Email Gap Analysis Tool periodically checks your technical resources (such as firewalls, anti-spam, and anti-virus). The findings help you find the vulnerabilities in your organization’s technology. This way, you can take the appropriate steps before you are targeted. We help you create a secure environment.

2. Analyze employee behavior with phishing simulation.

Our Phishing Simulation models are easily adjustable, and if you have unique threats you wish to test against, the platform also allows you to run your own content. It makes it possible to create countless branches, teams, groups, and staff so that your phishing experiments can be planned and optimized in a very focused and precise manner.

Protect yourself using our anti-phishing solutions against these common attacks.

Comments (12)

  1. […] way, phishing attacks will be stopped before they […]

  2. […] hear about different types of phishing attacks every day. However, spear phishing is the most common method used by hackers in recent phishing […]

  3. […] day, we see a new type of phishing attack. Cybercriminals always try to upgrade their plans; they work hard to improve their phishing and […]

  4. […] the increase in the use of artificial intelligence in cyber attacks has started to cause panic in everyone. Attackers create new software using machine learning to […]

  5. […] measure you will take in the ‘new normal’ period will increase your strength against phishing attacks. Not only in this critical period but also under normal conditions, your work in the field of […]

  6. […] number has been increasing steadily, reached serious levels by 2020. One reason for the increase in phishing attacks is that hackers are now targeting service providers such as MSPs, CSPs, and TSPs. These attacks […]

  7. […] to create a common phishing awareness in your company and to increase solidarity when fighting phishing attacks. You can use our threat intelligence tool for this. Thanks to this tool, you can quickly inform […]

  8. […] awareness means knowing all aspects of cybersecurity and especially phishing attacks. This awareness not only means knowing how attacks occur, but truly aware employees also need to be […]

  9. […] reasons to get you into their networks. As soon as you are convinced, they capture your information by entering your computer or directing you to a fake website. Then, using this information, the hacker demands a ransom from […]

  10. […] Hackers use malicious URLs in most of their spear phishing attacks. The report states that this rate is only 30% for attacks […]

  11. […] ransomware attack recently compromised a famous IT company’s network. In the phishing attack, hackers placed passwords on the company’s systems and blocked their systems’ access. […]

  12. […] to ensure security in the company because today’s work style brings many cyber attacks. Also, phishing attacks and other cyberattacks are developing and changing day by day. The source of most of these attacks […]

Leave your thought here