
Hackers Get Personal with Phishing and Conversation Hijacking Attacks

March 22, 2018

CHAs undermine user awareness prevention measures and put the user--and, by extension, their entire organization--in a very precarious position.

By now, most of us know you should never click on links or attachments in unsolicited emails, as this is a common method for distributing malware infections. But what happens when the attackers undermine that security measure? When the attachment comes as an actual reply to a conversation you were just having with an associate at an organization you know and trust? This type of attack undermines user awareness prevention measures and puts the user–and, by extension, their entire organization–in a very precarious position.

That’s what makes the current trend of Conversation Hijacking Attacks (CHAs) so disturbing, and why it deserves some serious consideration.

What is a Conversation Hijacking Attack?

A CHA begins with the attackers sending a slew of emails that lead the end user to a well-crafted phishing page. From there, end users are instructed to select their email provider of choice. Once they do, they are led to another page where their login credentials are gathered.

 

Now that the attackers have gathered credentials for thousands of email accounts, they launch attacks from those accounts by logging in and sending “replies” to prior conversations in that user’s inbox. These are mostly just vague responses to the last message of an ongoing thread, with something like “please look this over” in the body and a malware attachment, which usually takes the form of a Word document with an embedded VBA macro.

Of course, even the most cautious and vigilant of users are far more likely to open an attachment delivered in this manner than one coming from an unknown source.

The attack chain ultimately leads to an end user–and potentially the end user’s network–being infected with some form of banking trojan. The majority of samples we’ve analyzed in these attacks have displayed Gozi banking trojan indicators, while some also have exhibited Emotet indicators (another banking trojan). While the payload may differ, one thing is clear: These attackers have financial and data theft in mind.

The Trend Continues …

We began seeing this type of attack really ramp up in mid-2017, and the attacks have continued to the present day. Throughout this time we have seen the attackers alternate between gathering credentials with phishing emails and using those compromised accounts in the malware delivery phase. Since the beginning of 2018 we have seen tens of thousands of malicious CHA messages hitting AppRiver’s filter.

What to Do about It

Protecting your organization from such an attack can seem somewhat daunting, and some may not know where to start. As with many other cyber-threats today, it is best to remember that there is no single solution to protect yourself. Instead, remember that you will need to take a multi-layer security approach to fortify your defenses.

A Few Pointers to Get You Started

  • Implement additional security at the email level. This might include adding additional filtering or tightening down existing filters.
  • Consider banning macro-enabled documents inbound to your entire organization as they are very commonly used to deliver infections. If you need to receive them legitimately, then you can easily develop protocols for that.
  • Since this attack tends to trick some of the savviest users, you should educate your employees about these attacks. 
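
One way to enforce the macro ban from the second pointer at the mail gateway, as an added example (not AppRiver's filter and not code from the original post): it flags macro-carrying Office attachments by content as well as by extension, and records whether the message is a threaded reply, the delivery pattern described above. The function names, addresses and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls container
OLE_VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")    # VBA stream name in the OLE directory

def has_macros(filename, data):
    """Return a reason string if the attachment carries VBA macros, else None."""
    if (filename or "").lower().endswith(MACRO_EXTS):
        return "macro-enabled extension"
    if data.startswith(b"PK"):  # OOXML is a zip; macros live in a vbaProject.bin part
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "vbaProject.bin inside OOXML"
        except zipfile.BadZipFile:
            return "unreadable zip container"
    if data.startswith(OLE_MAGIC) and OLE_VBA_MARK in data:  # heuristic, not a full parse
        return "VBA storage in legacy OLE document"
    return None

def screen_message(raw):
    """Return (is_reply, [(filename, reason), ...]) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    is_reply = bool(msg["In-Reply-To"] or msg["References"])  # threaded reply, as in a CHA
    hits = []
    for part in msg.iter_attachments():
        reason = has_macros(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            hits.append((part.get_filename(), reason))
    return is_reply, hits

def build_sample():
    """Constructed sample: a reply whose .docx attachment contains a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"\x00")   # placeholder bytes, not a real macro
    m = EmailMessage()
    m["From"], m["To"] = "partner@example.com", "user@example.org"
    m["Subject"], m["In-Reply-To"] = "RE: Q1 figures", "<constructed-id@example.org>"
    m.set_content("please look this over")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="figures.docx")
    return m.as_bytes()

if __name__ == "__main__":
    print(screen_message(build_sample()))
```

A gateway would quarantine any message with a non-empty hit list and route legitimate macro documents through the separate protocol the pointer mentions; the legacy OLE check is a byte-pattern heuristic, so a full compound-file parser is the more robust choice in production.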

Troy Gill, GPEN, is a Senior Security Analyst at AppRiver. Gill is primarily responsible for evaluating security controls and identifying potential risks. He provides advice, research support, project management services, and information security expertise to assist in designing security solutions for new and existing applications.

This guest blog is part of a Channel Futures sponsorship.

 
