A recent technical alert issued jointly by the Department of Homeland Security, the Department of the Treasury and the Federal Bureau of Investigation states with “high confidence” that North Korea is responsible for multiple attacks that have stolen millions of dollars from banking ATM systems across the world.
This attack, known as “FASTCash,” was highly sophisticated. The government’s technical alert includes a diagram of it, but the diagram, and the inner workings of the attack it depicts, are hard for a non-technical person like myself to discern.
But one surprising detail of the attack is very easy to understand: The hackers began their attack with simple spear-phishing emails:
“The initial infection vector used to compromise victim networks is unknown; however, analysts surmise HIDDEN COBRA actors used spear-phishing emails in targeted attacks against bank employees.”
Despite the overall sophistication of this attack, the entry into the banks’ networks was not technically sophisticated. It was a simple phishing attack directed at bank employees.
What is Spear Phishing?
Spear phishing uses a fraudulent email designed to appear to originate from a known or trusted source. It is a targeted attack on the email recipient and/or the recipient’s organization, with the goal of obtaining the employee’s credentials (ID and password) and/or getting the employee to download malware. The fraudulent email could mimic a message from Twitter, Facebook, LinkedIn or another social media account. It may also be formatted to look like it originates from a senior executive within the organization. When an employee clicks a link or opens an attachment in the email, they either download malware and/or are taken to a website where they input their credentials (which are then sent to the hackers).
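Two of the tells described above, a display name that matches an internal executive while the address is external, and a Reply-To that points somewhere other than the sender, can be checked mechanically by a mail filter. The following is an added illustration, not code from the alert or from any vendor; the organization domain, the executive roster and both sample messages are constructed for the example.

```python
"""Flag inbound mail that looks like executive impersonation or credential phishing.
Added example; ORG_DOMAIN, EXECUTIVES and the sample messages are constructed."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "examplebank.test"                           # assumed internal domain
EXECUTIVES = {"jane doe": "jane.doe@examplebank.test"}    # assumed executive roster

def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' when there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def assess(raw: str) -> list:
    """Return the reasons a message looks like spear phishing; an empty list means no flag."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # 1. Executive impersonation: a known display name paired with a non-org address.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != ORG_DOMAIN:
        reasons.append(f"display name '{name}' matches an executive but sender is {addr}")
    # 2. Reply-To steering replies (and any credentials) to a different domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != domain_of(addr):
        reasons.append(f"Reply-To domain {domain_of(reply)} differs from From domain {domain_of(addr)}")
    # 3. Urgency cues that push the recipient to act before checking.
    subject = msg.get("Subject", "").lower()
    if any(cue in subject for cue in ("urgent", "verify your account", "password")):
        reasons.append(f"urgency cue in subject: '{msg.get('Subject')}'")
    return reasons

# Constructed sample: lookalike domain, foreign Reply-To, urgent credential request.
SAMPLE_SPOOF = """\
From: Jane Doe <jane.doe@examp1ebank-mail.test>
Reply-To: accounts@collector.test
Subject: URGENT: verify your account before payroll
To: analyst@examplebank.test

Please sign in at the link below to confirm your credentials.
"""
# Constructed sample: genuine internal message from the same executive.
SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@examplebank.test>
Subject: Q3 planning notes
To: analyst@examplebank.test

Notes attached.
"""

if __name__ == "__main__":
    for label, sample in (("spoof", SAMPLE_SPOOF), ("legit", SAMPLE_LEGIT)):
        print(label, assess(sample))
```

Checks like these reduce, but do not remove, the need for employee training: a message sent from a compromised internal mailbox passes all three.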
Is your organization vulnerable to spear phishing?
Possibly. According to Verizon’s 2018 Data Breach Investigations Report, 12% of people click on phishing emails. By that statistic, if you have 200 employees, you should expect 24 successful phishing attacks this year.
Take this Phishing IQ Test from SonicWall. Do you think you or your employees in your organization can successfully identify every phishing email in this test?