Avoid a Whaling Attack: Recognizing 3 Common Security Risks

  Greg LaBrie     Dec 22, 2016

We recently discussed an emerging cyber threat called whaling, a new, highly targeted phishing tactic that threatens enterprises’ most valuable employees: the C-suite. While whaling resembles other phishing and spam email scams, it is a patient, tactical approach that targets high-level executives with what appears to be legitimate business correspondence. How can you recognize a whaling attack before it infiltrates your organization? Read this post to get to know the common security risks.

 

A Real-Life Whaling Case

Put yourself in this finance executive’s shoes: Your new CEO emails you to request a $3 million payment for a new international vendor ASAP. It’s a chaotic time at your organization due to the firing of a previous vendor, so it makes sense that the team is looking for new partners. The transaction requires two executive approvals. Your CEO provided the first and you are tasked to provide the second, so you review and execute the transaction immediately.

A few hours later, you see your CEO in person and advise him that the funds were transferred as requested. It turns out he didn’t make the request, and the email was fake. He is shocked and can’t believe you just wired $3 million to an untraceable offshore account.

This was Mattel’s real-life horror story in April 2015, as the Associated Press reported. Although the money was returned, this threat was too close for comfort, and many organizations have not been so lucky. The following three scenarios are the most common ways whaling attacks can infiltrate your enterprise.

Catching a Whale: 3 Most Common Security Risks

1. Clicking on Unsolicited Email or a Malicious Link
While enticing companies to respond to an unsolicited email is a relatively unsophisticated tactic from a technology perspective, it may be the simplest point of entry for the attack. The next step might be to launch malicious software (malware) to run wild on corporate networks. This malware can record keystrokes to steal intellectual property or user login credentials, take screenshots of the user’s screen, or steal files. The malware often sends the information to the attacker through the enterprise firewall in ways that mimic normal network traffic, perhaps by using email or file transfer software.

Other malware may be designed to interrupt business operations by wreaking havoc on networks and systems, or even by causing physical damage to laptops, servers and company equipment.

2. Opening a Strange Attachment
In other whaling cases, rather than clicking on a bad link, the victim opens a malicious email attachment that downloads malware onto the victim’s computer. For instance, a recent powerful crypto-ransomware nicknamed “Locky” was initiated through a Microsoft Word macro. When used as intended, macros allow users to program simple repetitive actions. Although macros are disabled in Microsoft Word by default, the user who tries to open a malicious Word document, sometimes disguised as an invoice, is advised that macros must be enabled to display the document. Once enabled, a macro downloads and runs the ransomware program. It then encrypts and prevents access to local files as well as those on the user’s network shared drives.

In this example, Locky demands the Bitcoin equivalent of $2,100 to decrypt and unlock a computer. Adobe Acrobat files and other file types can also potentially launch malware code.

3. Getting Tricked on Social Media

Social engineering is the practice of using information about an individual to craft a specific attack against them, with social media sites being the primary source of information for scammers. No matter how hard platforms fight to control them, fake profiles are prolific. In fact, Facebook admitted to 83 million fake profiles last year. Just as phishing emails are more difficult to identify compared to a few years ago, fake social media profiles are also getting more complex. Attackers go to great lengths to establish the appearance of legitimacy. For instance, Dell SecureWorks recently identified a network of 25 fake LinkedIn profiles that had endorsed and recommended each other and thus earned credibility with hundreds of authentic LinkedIn users.

It is this first malware infection that provides hackers with the information they need to successfully pull off a whaling attack. While ransomware can sometimes provide hackers with hundreds of thousands of small payments, or larger sums in the form of bitcoin, the intention of a whaling attack is to receive a large lump sum of money in a single effort, often reaching the millions.

Complex phishing in the form of whaling is not a new technique, and companies of all sizes should plan for this potential cyber security threat in 2017. For more advice on ways you can protect the executives at your organization, contact us today.


Written by Greg LaBrie

Greg LaBrie has more than twenty years of network architecture and engineering experience designing networks that exceed technical requirements, improve operational proficiency and reduce total costs of ownership. As the Director of Technology Solutions for WEI, Greg is responsible for building WEI practices in the areas of Data Center Infrastructure, Storage, Backup & Recovery, Networking & Security and Cloud & Virtualization. Greg holds a number of technical certifications for HPE, Cisco, Fortinet, and much more.
