Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

Business emails a rising popular target for phishing attacks

By Raymond Lau - on 28 Aug 2019, 11:01am

Business emails a rising popular target for phishing attacks

Cyberthreat actors are becoming more creative in their attempts to use social engineering to infiltrate businesses through email, a new report has found.

According to the Financial Services Information Sharing and Analysis Centre (FS-ISAC), a non-profit industry consortium representing 7,000 member institutions in the global financial industry, there has been a “significant increases” business email compromise attempts. 

These usually take the form of invoice scams and spear phishing spoof attacks. They target the group of users who are traditionally the weakest link in an organisation's cybersecurity defences: the end-user.

Unsuspecting or un-alert users in any organisation can fall prey to seemingly official-looking emails, such as fake Office 365 emails requesting for password changes. By following malicious instructions, they can unwittingly open the doors of their organisation to hackers. 

“Threat actors have changed the way that they operate,” said Brian Hansen, executive director, FS-ISAC Asia Pacific, “We are seeing more time spent on preparation and reconnaissance prior to initiating attacks to ensure attacks are successful and against the best targets, be it a person or information system on a network. These actors are also increasing collaboration on the dark web, selling and seeking services that can be used against financial institutions.”

Financial institutions are also increasingly concerned about the residual impact of attacks on third-party service providers. For example, hackers used a compromised version of the ASUS Live Update tool to distribute malware earlier this year. Around a million users worldwide may have been affected, including indirect penetration into devices used in financial institutions.

Hansen added, “With (threat actors) banding together, it is imperative for financial institutions in Asia to embrace information sharing. They must work with each other across national boundaries to protect themselves and, more importantly, the public they serve.”

Loading...