
 

Security alert on spear phishing and whaling attacks

SMX issues security alert on spear phishing and whaling attacks

07 September 2015, Auckland. SMX – the largest local provider of cloud email security services – has issued a security alert to its customers and partners following increasing incidents of highly-sophisticated targeted email fraud (aka ‘spear phishing’) and ‘whaling’ attacks.

SMX’s co-founder and chief technology officer Thom Hooker says spear phishing describes a process of email fraud where individuals are targeted within an organisation and attacked with a combination of social engineering and email spoofing techniques to elicit funds. Whaling is where the same techniques are targeted at key senior executives, such as chief financial officers.

He says SMX has seen live attacks unfold in real time where, once they have a 'whale' hooked, attackers purchase brand-new domains similar to their intended victims' domains in order to trick companies into transferring cash overseas. Attackers are even following up with telephone calls prior to, as well as during, these attacks to further embellish the hoax.

In a blog on the SMX website, Hooker describes a real-life example of a whaling attack on a large SMX customer. The CFO of this company received an email purporting to be from his CEO instructing the transfer of USD$192,000 to an international bank account. The email appeared completely legitimate, with the sender's email address displayed in the CFO’s mail client looking 100% correct. The incoming email contained no malware or links to malicious sites that would trigger the multiple security filters in place.

After the CFO responded, or was 'on the hook' to continue the phishing analogy, the phishing gang registered a new .com domain name similar to the company's real domain and continued the email conversation from this new domain. That is, the phishing gang waited until they had a whale on the line before they spent any money on embellishing their scam.

This is a really important point, Hooker says, because it demonstrates that these individuals aren't just playing a numbers game and casting their net wide; they are identifying and targeting companies and senior individuals within those companies and then refining their proposition based on responses from their targets.

“If the CFO involved in this scam hadn't had the presence of mind to query the reason for the request, which ultimately led to this scam unravelling, this company would have lost a significant amount of money,” Hooker says.

“This story isn't uncommon internationally but is relatively rare in New Zealand. It highlights the importance of security awareness training for potential whaling and spear phishing targets.”
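The follow-up phase of the case above, where the conversation moves to a newly registered domain resembling the company's own, can be screened for on inbound mail. The following is an added example, not SMX's code or part of the alert; the domain `examplecorp.co.nz`, the executive name and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

ORG_DOMAIN = "examplecorp.co.nz"   # constructed: the organisation's real domain
BRAND = ORG_DOMAIN.split(".")[0]   # label an attacker would imitate
EXEC_NAMES = {"jane doe"}          # constructed: executives likely to be impersonated
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def normalise(label):
    """Fold common look-alike character substitutions before comparing."""
    label = label.lower().replace("-", "")
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label

def classify_sender(from_header):
    """Return the reasons a From header looks like whaling; empty if none."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # Mail claiming the real domain is left to sender-authentication checks.
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return []
    reasons = []
    target = normalise(BRAND)
    for label in domain.split("."):
        # Skip short labels such as "com" or "co" to avoid noise.
        if len(label) > 3 and osa_distance(normalise(label), target) <= 2:
            reasons.append("lookalike-domain")
            break
    if name.strip().lower() in EXEC_NAMES:
        reasons.append("exec-name-external")
    return reasons
```

This check does not cover the first message in the case, where the displayed sender address itself looked correct; it only flags the later switch to a similar-looking domain or an executive's display name arriving from outside the organisation.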

In the security alert sent to customers and partners SMX recommends three key steps all companies and organisations should take:

1. Identify potential whaling or spear phishing targets within the organisation – these roles should include finance, management and IT security

2. Conduct security awareness training for all identified roles – this training should include an awareness of these types of attacks and familiarisation with the organisation’s security policies

3. Create and publish robust internal procedures for handling and identifying security incidents, responding to external queries requesting information on senior company executives, and so on.

Depending on the industry, SMX advises that companies and organisations may need to conduct training across a wider range of roles within the organisation.

The SMX security alert includes a link for full information on security awareness training published by the US National Institute of Standards and Training (NIST): http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf

Thom Hooker warns that the sophistication and persistence of these attacks outside of the email flow means companies should not rely solely on computer security and algorithms to protect them. Potential whaling targets need to be aware that criminals are undertaking sophisticated attacks right now and to protect themselves appropriately.

Ends.


© Scoop Media

 
 
 