Hackers are becoming increasingly sophisticated at impersonating individuals and organisations, with the cyber threat “evolving and more nuanced than ever before”, a new report has found.
Mimecast’s Threat Intelligence Report: Risk and Resilience Insights analysed global cyber attack activity for the July to September quarter and found a “blend” of simple and complex attacks, with some sustained cyber attacks utilising both.
“Attackers are continuing to use high volume, commodity malware or simple social engineering techniques as a blanket strategy; at the same time, however, other attackers invest effort into a targeted industry attack, leveraging unique malware and smart attach techniques,” the report found.
The study also found that impersonation attacks are on the rise, with hackers using increasingly innovative techniques to dupe unsuspecting users.
It also found that attackers are getting better at evading detection and dodging the good guys to stay inside a network for longer.
The report splits the cyber attacks into four main categories: spam, impersonation, opportunistic and targeted.
The old-school tactic of bulk email campaigns with the aim of spreading malware remains prevalent, with the legal services, software and banking sectors primarily targeted.
In just one week in September, more than 21 million threats were blocked, the report found, coinciding with the return of infamous botnet Emotet.
Is that really you?
There was also a “sustained increase” in impersonation attacks in the quarter, with attacks pretending to come from different domains, subdomains, landing pages, websites, mobile apps and social media profiles, often in combination.
This is done to trick the organisation or targeted individual into handing over credentials and other personal data or allowing money transfers or the installation of malware.
“This increase in impersonation attacks that rely on social engineering instead of tactics detectable through email scans suggest an improvement in the industry’s email scan efficacy,” it said.
The management and consulting sectors were the primary targets of these attacks, accounting for 15 per cent, while the legal sector was hit by 12 per cent of these types of attacks.
“Due to the heavily interpersonal, social nature of these industries, management and consulting and legal industries are suffering approximately twice as many impersonation attacks as other sectors,” the report found.
And it’s likely that these attacks will become more popular next year, the report found.
“It is almost certain this form of attack will be used again in the coming year; data shows impersonation attacks made up 26 per cent of total detections from July-September, and perhaps more significantly, the volume of these attacks grew by 18 per cent since the last report,” it said.
Coming to Australia
Australia specifically was subject to a high number of cyber attacks in the first two weeks of July, with the education sector prominently targeted, along with sustained attacks against the transportation, storage and delivery sectors.
“Relative to its size, Australia has suffered sustained attacks and targeting of its education sector during this quarter,” the report said.
“Given the lengthy, persistent campaigns targeting the education sector, the repeated nature of the threat and the resource and effort this requires, it is almost certain that the threat actors involved represent an organised and determined criminal threat.
“Targeting is likely to be intended to impact or steal research and intellectual property, but also may be intended to monitor student activities or behaviour.”
The education sector was “repeatedly attacked with a multitude of techniques”, with more than 3,000 phishing emails with ZIP files containing the Krypt Trojan detected across just two days in July.
The legal sector was also hit multiple times, mostly with generic ‘trojanised’ ISO files.
“The legal sector attacks are highly likely to have been organised criminal groups attempting to compromise their intended targets for monetary gain, given the access to significant funds which the sector is perceived to have,” it said.
“The legal sector also has access to highly sensitive, valuable client information.”