“Your device has been compromised with malware. We’ve stolen passwords or other personal data. We’ve been watching you and have webcam footage from visits to dubious sites. Pay up in Bitcoin or another cryptocurrency and your secret is safe.”
These arresting words appear on page 10 of the recently-released Cofense report, ‘Phishing Threat and Malware Review 2019 ’, amid a section of the report outlining the top four most common types of e-mail phishing threats. The chances are, though, that if you have an e-mail address, you have already seen a similar version of this in your own mailbox, and it was more than likely personally addressed to you.
Cofense notes that sextortion e-mails often include usernames, passwords and other personal information, which cybercriminals have gleaned from legitimate sites or the dark web to make the e-mails look credible. Over 2018 and this year, South Africans were not exempt from the sweeping global trend of ‘sextortion’ by cybercriminals. For most people, it is disconcerting – to say the least – to receive such an e-mail.
Cofense says that sextortion, which is the practice of extorting money or sexual favours from someone by threatening to reveal evidence of their sexual activity, ‘pushes two buttons, fear and urgency, that cause people to act before they think… ’. And this makes the practice of sextortion via e-mail one of the top four types of phishing threats getting through to people’s mailboxes – the other three being outlined in the report as credential phishing, business e-mail compromise, and bomb threats.
Cofense says that although e-mail filtering catches many sextortion phishing e-mails, many are still getting through to people’s mailboxes. Also, cybercriminals are no longer using only text-based e-mails, but other methods too. These include Base64 encoded HTML message content; body text as embedded images rather than plain text, to minimise the risk of content scanning; and the use of an embedded QR code image for the bitcoin address. Cofense also believes that automation is being used to prepare and deliver such sextortion campaigns.
“This just shows how phishing threat actors continue to evolve their campaigns in an increasingly sophisticated and effective manner,” comments Stefan van de Giessen, general manager: cybersecurity at value-added distributor Networks Unlimited Africa, a distribution partner with Cofense in sub-Saharan Africa.
“This latest Cofense report reveals how threat actors have an ever-growing repertoire of tactics and techniques, allowing them to breach the perimeter controls to users’ inboxes and deliver malware into a network system, or extort money from individuals. The report – which featured data from 1,400 customers in 50 countries – found that between October 2018 and March 2019, over 31,000 malicious e-mails were reported by end users after delivery to the inbox, and of these, 90 per cent were found in environments running one or more secure email gateways (SEGs).”
The 2019 report showed that threat actors are innovating relentlessly, including using public, open source tools to evade detection, as well as genuine Office 365 accounts to harvest credentials and increase their chances of reaching the victims’ inboxes and deliver malware.
Additionally, it revealed that SEGs play a role in phishing defence, but are not infallible. The report shows that SharePoint, OneDrive and ShareFile have been abused by threat actors to enable malware to slip through an SEG’s defences.
“As Cofense outlines in this report, human intelligence is vital to phishing defences. It is absolutely critical to educate users through a phishing awareness program, and this should include a focus on threats that are using the latest tactics, techniques and procedures (TTPs). This allows employers to make employees their best defence against phishing, rather than being the weakest link – even in the alarming face of a sextortion attempt,” concludes Van de Giessen.
To learn more about Cofense’s phishing incident solutions, please visit: https://networksunlimited.africa/products/security/cofense