How cyber phishing has evolved
Authored by NMU
As we once again enter Cyber Security Month – which is celebrating its’ 10th anniversary this year, it’s high time that we sat down and took stock of the key cyber risks and attack methods that brokers and their clients should be aware of. The themes for this year’s #CyberSecMonth – phishing and ransomware, should be familiar to most of you, but this month we’ll be exploring both in greater detail – in particular, how these attack methods have evolved to expose new cyber vulnerabilities.
We’ll start by taking a closer look at phishing, and the variety of new techniques that fraudsters have been utilising to target individuals and businesses online. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails or directing victims to fraudulent websites to obtain logins or other sensitive information.
MPI phishing
A hacking group has developed a new, elaborate email phishing technique which utilises multiple personas and email accounts to create a convincing email chain of activity.
It starts with scammers sending an email to their target whilst CC’ing another email account which they also control, the scammer then responds from this account, engaging in fake back-and-forth conversation to lure the target into downloading a malicious payload. This new technique has been labelled as ‘multi-persona impersonation’ (MPI) by researchers at Proofpoint.
This technique has been used in a number of recent attacks, targeting scientific and academic organisations. In these instances, targets were tricked into downloading malicious OneDrive links, which once downloaded, would gather key information from the device and send this information to the hackers.
In browser phishing
When we think of phishing, we may typically think of convincingly fake Apple emails, or texts from the Royal Mail – but the reality is that phishing attacks are increasingly branching out to less conspicuous forms of communication. A recent attack targeting the online video game platform Steam and its users, utilised a sophisticated browser-in-the-browser technique to trick pro gamers into handing over their account details.
The attack began with a direct message on social media inviting the user to join a gaming tournament, with the sender including a link to a fake e-sports company. Once users requested to sign up for the tournament, they received an almost indistinguishable Steam login pop-up window. After entering their Steam credentials, a form of multi-factor-authentication would appear, only further adding to the scam’s authenticity.
Once the account details had been stolen, the scammers proceeded to sell these on, with some high-profile accounts selling for hundreds of thousands online. Attacks like this highlight how convincing phishing scams are becoming, by utilising both social media and fake in-browser login windows it’s only a matter of time before we see these techniques being used against businesses.
Hiding behind the cloud
Scammers have recently found a backdoor into cloud services, allowing them to slip phishing emails past Amazon Web Services’(AWS) automated scanners. For those who may not be familiar with the platform, it’s highly likely you’ve already used it in some way shape or form, as AWS currently holds 41.5% of the cloud computing market share – making it the world’s largest provider.
The origins of this attack stem from hackers realising that people can use an AWS service to build and host web pages via WordPress or a custom code. From here, the hackers can send phishing emails stamped with the AWS name into corporate email systems, bypassing scanners which would typically block them.
In a recent report conducted by researchers Avanan highlighted how common these large scale phishing attacks have become, often piggybacking off well-known brand names to ensure that messages land in their targets inbox. AWS which is the largest public cloud player, makes a perfect vehicle for scammers, as the service is so widely used that blocking their emails is unthinkable.
As using the cloud becomes increasingly common and more cloud services pop-up, this will only open up more opportunities to cyber criminals and allow them to more easily slip phishing emails into our inboxes.
Cyber insurance isn’t just for large organisations
It’s clear that these new techniques, combined with developing technologies present a new frontier for cyber criminals looking to target their victims. While it’s not uncommon for many to believe that only large companies are at risk of a cyber-attacks, the reality is that in today’s landscape, any business can be targeted. Fortunately, our CyberSafe solution can help protect businesses of all shapes and sizes. Our product provides businesses with a simple, robust solution for cyber liabilities, cybercrime and includes restorative support.
As always, the strongest and weakest links in a business’ armoury is human error and Social Engineering Fraud is still the most frequent in terms of claims volume, so take the time to train and educate your workforce on the signs and how they can individually play a role in preventing a cyber breach from happening. For example, not forgetting to verbally double check bank details for payment requests.
Contact us
For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team
About NMU
NMU is an award-winning provider of specialty insurance solutions
We are the first choice for brokers looking for specialty insurance, offering solutions that are not simply off-the-shelf, but built upon a real understanding of the risks faced by policyholders. This, together with our ability to write risks such as storage, installation, construction and exhibitions outside of the UK and offer terrorism cover on overseas property, sets us apart from the competition.
You can count on us, when you need us most! We are NMU
Our team of professionals based across the UK, provides customers with an in-depth product knowledge and a real personal service.
We provide bespoke insurance products that are not simply off-the-shelf solutions, but built upon a real understanding of the risks faced by policyholders as well as offering added value services to benefit our clients.
Our product and services range comprises:
Cargo Insurance: Marine cargo policies cover goods during import and export, including any incidental storage, as well as domestic distribution. Stock throughput polices can cater for all this plus other, intentional storage…read more
Freight Liability Insurance: Covering the liabilities to which hauliers, freight forwarders and warehouse keepers are exposed when they contract to move or store goods owned by others…read more
Engineering Insurance: Covering contractors’ all risks (CAR), erection all risks (EAR) and contractors’ plant; machinery movement (and installation), breakdown and business interruption; deterioration of stock; and electronic risks…read more
Marine Equipment Insurance: Covering remotely-operated and autonomous underwater equipment – ROVs, AUVs and the like…read more
Terrorism and Sabotage Insurance: Standalone terrorism cover can be a more flexible and cost-effective alternative to traditional placement routes…read more
Motorsport Insurance: Designed for commercial risks, our motorsport policy offers 24/7 cover for teams at all levels across all disciplines…read more
Cyber Insurance: Providing SMEs with a simple, robust solution for cyber liabilities, cybercrime and restorative support…read more
Risk Control: Whilst we pride ourselves on our claims service, there is far more benefit to policyholders in preventing loss and damage in the first place…read more
Online Facilities: To complement our award-winning service, we use online facilities to assist NMU policyholders and brokers alike…read more
Claims Management: We pride ourselves on prompt and efficient claims management, which is supported by the use of independent surveyors and adjusters to quantify larger losses and to give advice on mitigation measures…read more