Hackers are getting more creative in using social engineerining to gain your trust and access your most critical data. This includes twitter posts, emails using supposedly real company names and other things you use only to create the idea you’re talking with a legitimate known person or company. Recently, hackers have begun to go bigger in trying to steal your data.
One of the bigger concerns emerging is the idea that hackers can spoof and replicate actual websites. Dubbed Adversary-in-The-Middle attacks (AiTM), these hackers start their attack like most cyber scams. By phishing for your social feeds and other sites their victims use, hackers can come up with a plan of attack to get you to let your guard down.
In this case, they spoof actual websites like Facebook or Amazon. After they get the information, they send a legitimate looking email to one of your accounts. They use a legitimate looking email to convince you that there is a problem with your account with a link to the supposed website. It’s a spoofed website and by clicking on it you essentially give them an opening to get into your files and more importantly your credentials. Once you put your credentials in, they can now do anything they want as they are shadowing your keystrokes.(1)
In an AiTM attack, once in hackers execute more sophisticated and more lucrative attacks, ranging from ransomware deployment to Business Email Compromise (BEC) scams. AiTM adversaries may also use the AiTM position for purposes of monitoring or modifying traffic, such as in Transmitted Data Manipulation. Further, attackers can set up a position like AiTM in order to impede traffic flows to intended destinations. This can impair defenses and/or support network denials of service.(2)
In turn, attackers can then execute more sophisticated and more lucrative attacks, ranging from ransomware deployment to Business Email Compromise (BEC) scams. AitM adversaries may also use the AiTM position for purposes of monitoring or modifying traffic, such as in Transmitted Data Manipulation. Further, attackers can set up a position similar to AitM in order to impede traffic flows to intended destinations. This can impair defenses and/or support network denials of service.(2)
Once they have everything, one of the most common scams is Business Email Compromises. They work in the sense they are spoofing someone you trust to send over funds to their accounts. In June 2023, dozens of global businesses were impacted by these types of attacks. According to Syngia, "Following a successful phishing attempt, the threat actor gained initial access to one of the victim employee's account and executed an 'adversary-in-the-middle' attack to bypass Office 365 authentication and gain persistence access to that account," Sygnia researchers said in a report shared with The Hacker News.
"Once gaining persistence, the threat actor exfiltrated data from the compromised account and used his access to spread the phishing attacks against other victim's employees along with several external targeted organizations." Hacker News also reported that Microsoft had reported breaches in their 365 software, but the attacks were deemed to be two completely different incidents.” (3)
In a recent attack of one of our clients, they wrongly went to the wrong website that looked exactly like the website they were looking for. While on the site they were prompted for MFA which was sent to them. At the same time the hacker was on the real site and copied the MFA code and entered in. Later the Hacker withdrew over $800,000 and the owner of the bank account was none the wiser.
To protect yourself from these attacks, there are some steps your organization can take:
- Adopting Anti-phishing practices: Companies should train their employees what to look for and to maintain awareness programs to identify what is phishing or not.
- Only logon to website directly and not from an email.
- Bookmark your favorite sites to avoid mistyping a website.
- System monitoring: Companies should implement ways to monitor suspicious activities. There should also be a limited amount of people with the ability to revoke access to accounts if there is an issue.
- Set Parameters: By limiting what websites your employees can access you greatly decrease the chances of someone trying to use them to get your data.
Hackers are getting smarter every day, even as companies continue to evolve to meet said hacks. By being able to get into your systems without you knowing, they can cause millions of dollars in damages. Keeping your employees in the loop regarding what to look for is one of the best methods to protect yourself from these attacks.
