When it comes to IT security, most people are well aware of the traditional ways in which cyber criminals go about their work.
There are phishing scams, fake websites, infected email attachments, and even USB keys containing malicious code that springs into action when inserted into a personal computer or mobile device.
However, there is now another strategy that’s gaining traction among cyber crooks around the world. Dubbed ‘conversation hijacking’, it’s becoming a popular way for criminals to mount an Account Takeover (ATO) attack that can be highly effective and alarmingly difficult to detect.
Research undertaken by Barracuda Networks, based on analysis of approximately 500,000 monthly email attacks, revealed a 400 per cent increase in a 12-month period. It’s likely that this growth rate will continue during 2021.
Conversation hijacking occurs when a cyber criminal either inserts themselves into existing email conversations or begins new ones using information they have gleaned from a compromised email account or other online source.
Once they have gained access to an email account, the criminal spends time reading emails to learn as much as possible about the authorised user. This can be used to craft convincing fake emails and even trick users into sharing sensitive passwords, data, or access to secure servers.
Criminals can even use email-domain impersonation techniques. This allows them to create seemingly legitimate sounding messages that appear to have come from a real address. This might appear to be the domain of another part of the business or a trusted external party.
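Domain impersonation of the kind described above leaves traces a mail gateway or SIEM rule can look for: a sender domain that is a near-miss of a trusted one, a Reply-To that quietly diverts the thread elsewhere, and a "Re:" subject on a message that carries none of the threading headers a genuine reply would. The following is an added example of such a check, written for this article and not code from Barracuda or the author; the allowlist, the confusable-character map, the distance threshold and the two sample messages are all constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: domains this organisation legitimately exchanges mail with (assumption).
TRUSTED_DOMAINS = {"example.com", "partner-corp.com"}

# Characters commonly swapped for look-alikes in impersonation domains (constructed, not exhaustive).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic a e o p c
})


def normalize(domain: str) -> str:
    """Fold a domain to a canonical form so visually similar spellings compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    d = d.translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")  # two-letter look-alikes


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, trusted=frozenset(TRUSTED_DOMAINS)):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in trusted:
        return None
    if any(domain.endswith("." + t) for t in trusted):
        return None  # genuine subdomain of a trusted domain
    for t in trusted:
        if normalize(domain) == normalize(t):
            return t  # homoglyph / digit substitution
        if domain.startswith(t + "."):
            return t  # trusted name used as a leading label of another domain
        if edit_distance(domain, t) <= 2:
            return t  # typo-squat; threshold is an assumption, tune for short domains
    return None


def analyse(raw_message: str) -> list:
    """Flag conversation-hijacking indicators in one RFC 822 message; returns finding labels."""
    msg = message_from_string(raw_message)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    hit = lookalike(from_domain)
    if hit:
        findings.append(f"lookalike:{from_domain}~{hit}")

    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr:
        reply_domain = reply_addr.rpartition("@")[2].lower()
        if reply_domain != from_domain:
            findings.append("reply-to-mismatch")  # replies diverted away from the visible sender
        hit = lookalike(reply_domain)
        if hit:
            findings.append(f"lookalike:{reply_domain}~{hit}")

    # A real reply normally carries In-Reply-To / References; a "Re:" subject without them
    # is a weak signal that the "conversation" was started fresh by an outsider.
    subject = msg.get("Subject", "")
    if re.match(r"\s*re:", subject, re.I) and not msg.get("In-Reply-To") and not msg.get("References"):
        findings.append("re-subject-without-thread-headers")
    return findings


# Constructed sample messages (not real traffic).
LEGIT = """From: Alice <alice@example.com>
To: bob@example.com
Subject: Re: Q3 invoice
In-Reply-To: <abc123@example.com>
References: <abc123@example.com>

Attached as discussed."""

SUSPICIOUS = """From: Alice <alice@examp1e.com>
Reply-To: Alice <alice@examp1e-mail.net>
To: bob@example.com
Subject: Re: Q3 invoice - updated bank details

Please use the new account details below."""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("suspicious", SUSPICIOUS)):
        print(name, analyse(raw))
```

Each label is a signal, not a verdict: route messages with any finding to a quarantine or review queue rather than dropping them, and extend the allowlist and confusable map from your own mail logs.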
Mix of technology and education
Overcoming the threat of conversation hijacking requires a mix of both security technologies and user education. This is because these attacks are much more sophisticated than standard phishing attempts.
Cyber criminals can spend months gathering enough intelligence to allow them to impersonate company executives, business partners or even customers. The tell-tale signs of a typical phishing scheme are not in evidence and so it can be much more challenging for both security teams and staff to spot a fraudulent email.
This is why employee training is so vital. According to the ACSC Small Business Survey Report (July 2020), “nearly one in 10 were unable to explain cyber threat terminology such as malware, phishing, ransomware or insider threats”. The OAIC Notifiable Data Breaches Report: January-July 2020 also found that 34 per cent of all breaches result from human error. Staff need to understand that they must watch for signs of a potential account takeover. They also need to be on watch for suspicious communications or requests that seem out of the ordinary. This might be an odd request for a bill payment or an email seeking login or security details.
Some of the key steps that can be taken to reduce the likelihood of a successful conversation hijacking attack include:
Although awareness of conversation hijacking is still relatively low within many Australian organisations, the potential threats it can create are significant. By taking time to understand the threat and the best means of guarding against it, businesses can reduce the chances that they will become a victim in the coming year.
Luke Smith is the regional account director, APAC, at Barracuda MSP.