That Email Isn’t Really from Your Colleague. It’s Phishing.

March 24, 2022

Phishing has always been a tricky problem for businesses. Cybercriminals are constantly launching new phishing campaigns with fresh hooks, and many times those hooks are highly convincing. That’s because the bad guys know that a well-crafted, creative phishing email will sail past most employees’ defenses. 97% of workers cannot spot a sophisticated phishing message. To make sure they keep getting through, cybercriminals keep evolving their techniques, but some old favorites remain in fashion all the time because of their effectiveness. Right now, threat actors are digging deep into their bag of tricks to pull out a classic, conversation hijacking, that’s rocking many businesses. 




Conversation Hijacking is in Fashion


Just like 75% of other cyberattacks, a typical conversation hijacking attack begins with a phishing message. That message is designed to lure the victim into providing their login to the attacker, a typical phishing goal. However, what the cybercriminal attacker does with the stolen login is a little bit different. First, they take over the victim’s email account. Then the bad actor spends some time reading through the unique correspondence of the victim as well as any new messages that roll in. The attacker will be especially interested in communications with internal and external business contacts, gaining information about business operations, learning about the company’s payment procedures and discovering potential deals in progress.    

What’s the bad actor going to do with all of this information? They’re going to use it in a type of business email compromise operation. What the cybercriminals are looking for is ongoing conversations or conversations with a solidly established history to exploit. They’ll then utilize those conversations to masquerade as the victim and perpetrate other attacks against the victim’s contacts. By using their victim’s ongoing communication threads with business contacts, bad actors are coming into their next operations from a place of trust with their targets. Their targets will be lulled into a false sense of security and more likely to follow links, download attachments, provide data or transfer payment as requested without suspicion until it’s too late and they’ve become victims themselves.  




Beware of Qakbot


There are variations on this scheme. One recent edition is a campaign involving a botnet known as Qakbot. The botnet itself has been active since 2008, evolving from its original purpose as a banking trojan designed to steal usernames and passwords. These days, the botnet is being used to deliver ransomware or other malware through account takeovers that are then followed by conversation hijacking to find new victims. Qakbot attacks are automated, and it spreads its malicious payload using the infected Windows computers of its victims.

In a typical scenario, when Qakbot is installed on a compromised computer, it downloads a payload that hunts for email accounts, stealing the usernames and passwords required to obtain access. Its automated tools then riffle through the inbox looking for promising conversations before using the compromised account to send out phishing emails. Qakbot makes those emails look authentic and convincing through techniques like using “reply to all” on existing email threads and quoting the original message in the response.

Of course, the messages it is sending out are traps, luring targets into taking an action that will infect their own computer with Qakbot. The malicious messages generally contain a snippet of brief text content alongside a request to open and look at an attachment, generally a zip file. Those messages are tailored to appeal to the victim while making them feel confident about the authenticity of the attachment. Unfortunately, targets that fall for the trap infect their own devices with Qakbot. The botnet then starts the cycle over again, using the new victim’s email contacts to find its next victims. 
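The traits described above (a reply inside an existing thread, the original message quoted, a brief new text and a zip attachment) can be checked mechanically as a triage signal. The sketch below is an added example, not Graphus code or part of the original article. The 40-word cut-off, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

BRIEF_WORDS = 40  # assumed cut-off for "a snippet of brief text"
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def hijack_signals(raw: bytes) -> list:
    """List which traits of a hijacked-thread lure this message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    signals = []
    if msg["In-Reply-To"] or msg["References"]:
        signals.append("reply-in-thread")
    body = msg.get_body(preferencelist=("plain",))
    lines = body.get_content().splitlines() if body else []
    quoted = [l for l in lines if l.lstrip().startswith(">")]
    fresh = [l for l in lines if l.strip() and l not in quoted]
    if quoted:
        signals.append("quotes-original")
    if fresh and len(" ".join(fresh).split()) <= BRIEF_WORDS:
        signals.append("brief-new-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            signals.append("zip-attachment")
            break
    return signals

def needs_review(raw: bytes) -> bool:
    """Hold for review only when all four traits coincide."""
    return len(hijack_signals(raw)) == 4

def build_sample(reply: bool, with_zip: bool) -> bytes:
    """Constructed test message; addresses and IDs are made up."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "you@example.com, team@example.com"
    m["Subject"] = "Re: invoice schedule" if reply else "Invoice schedule"
    text = "Please open the attached file.\n"
    if reply:
        m["In-Reply-To"] = "<constructed-id-1@example.com>"
        text += "\n> Can you confirm the payment schedule?\n> Thanks\n"
    m.set_content(text)
    if with_zip:  # 22-byte empty zip archive, constructed
        m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                         subtype="zip", filename="document.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(hijack_signals(build_sample(reply=True, with_zip=True)))
```

Legitimate replies with zip attachments will also match, so a hit is a reason to verify the request with the sender through another channel, not a verdict.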




The Russia/Ukraine Conflict Ups Phishing Danger


It’s extremely dangerous for businesses to have a botnet like Qakbot embedded within their systems because it’s a sure path to other cyberattacks. Botnets are an asset that bad actors of any type can use to hurt the organizations where they’re placed, and cybercriminals will pay for that kind of access. Cybercrime-as-a-Service is a huge industry, and a well-placed botnet is an asset that cybercriminals can use to make money through leasing it out. The people who lease it can use it for a wide array of purposes from business email compromise to espionage to deploying ransomware or other malware. That profit opportunity makes the initial time and resource investment to get it going worthwhile. 

Businesses should be especially on guard against sophisticated phishing attacks like this right now. Phishing volumes have been steadily rising, spurred on in the last month by the ongoing Russia/Ukraine conflict. Russia is a notorious home for cybercrime, responsible for 58% of all nation-state attacks in 2021. Cybercriminals aligned with Russia have been busy this year too, stepping up their already swift pace to exploit phishing and other cyberattack opportunities before and during the Russian invasion of Ukraine – Russian-based credential-harvesting phishing attacks have jumped eight-fold




Email Dependence Drives Everyone’s Conversation Hijacking Risk Up


Although conversation hijacking is a bit more complex than generic phishing, it’s grown in popularity because of its effectiveness and versatility. Conversation hijacking attacks grew by almost 270% in 2021 alone over 2020’s numbers. That’s likely due to a combination of factors that has made today’s landscape ripe for exploitation. The high believability of conversation hijacking attacks creates a powerful lure, even for workers who are phishing savvy. Ongoing remote work creates an unusually good array of targets who are more likely to fall for phishing messages. The volume of email being sent these days also opens up new vistas of opportunity for the bad guys. All in all, it’s a pretty good time to be a cybercriminal involved in phishing.

Email phishing schemes like conversation hijacking are far too easy for bad actors to pull off in today’s email-dependent, cloud-focused workplaces, and phishing is the gateway to other, nastier cyberattacks. That makes protecting your company from phishing the fastest, easiest way to protect it from potentially devastating cyberattacks.  




Don’t Give Cybercriminals a Chance to Join the Conversation


Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. When you choose AI-powered, automated email security, your business gains an array of strong defenses against phishing that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too.    

  • You’ll gain a powerful guardian that fits perfectly into your IT budget and protects your business from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors.
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security.     
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.    
