Back to Blog

Hackers Steal Millions by Ditching Malware to Sidestep Security

February 23, 2018

By: mirabiliscorp

Capturar

by Dell Cameron

February 21, 2018

Employing sophisticated scams involving social engineering, email phishing, and the harvesting of employee passwords, attackers have pilfered millions of dollars from some of the world largest corporations—all while bypassing traditional hacking safeguards by simply avoiding the use malware.

new report from IBM Security sheds light on ongoing campaigns being waged by “cyber con artists” employing a known scam called Business Email Compromise (BEC). These attacks take on many forms, but typically include fraud involving fake invoices, impersonation of high-ranking corporate officers, and the targeting of accounting or human resources staff to gather sensitive financial information, such as tax statements

The threats tracked by IBM’s global threat intelligence service, known as X-Force (insert Marvel Comics joke here), began by harvesting mass amounts of business user credentials, which in studied incidents enabled attackers to impersonate corporate officers authorized to make large fund transfers.

The compromised accounts were gathered largely using traditional phishing techniques.

In one case, an official-looking email sent to hundreds of corporate contacts appeared to contain a link to a business document. The targets were directed to a fake “DocuSign” website where they were first asked to log in using their email credentials. The attack targeted primarily personnel working in the company’s accounts payable department, the report says.

A key defense against this form of credential harvesting is implementing multi-factor authentication.

MORE: https://gizmodo.com/hackers-steal-millions-by-ditching-malware-to-sidestep-1823187933

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.