Payload-less attacks play a dangerous role in bypassing cybersecurity
Phishing emails have long since evolved from the early days of poorly spelled spam-attacks hinting at long-lost wealthy ancestors. While we at Bytagig often lament the flimsy strings of cybersecurity and how social-engineering scams circumvent even the most robust of protective systems, the reality is that people are aware of dangerous hacker attacks, especially in the form of phishing emails.
Woe to the malicious third parties, right? But, the song-and-dance of cybersecurity is a constant trade of highs and lows. When cybersecurity takes a step forward, bad actors take two more, so on and so forth. Therefore, these said bad actors craft even more dangerous phishing emails referred to as “payload-less attacks.”
What is a payload-less attack?
Bad actors are working on more sophisticated versions of phishing emails targeted at companies. Referred to as BEC (business email compromise), the idea is exactly as it sounds: to infiltrate business networks through email.
As the name suggests (payload-less attack), these email types are unique in that they contain no malicious links, content, or malware. Targets typically receive simple but customized messages in hopes to circumvent security.
The cost is quite significant too. As reported by the FBI, these attacks have cost the IT and cybersecurity industry $26 billion over the course of several years. This is despite taking up only about 5 percent of the total phishing scam economy. Despite this, they are one of the highest threats to a network, given their attention to detail and focus on constructing deceptive emails.
3 ways to identify payload-less attacks
So, now we come to the challenge of identifying and thwarting BEC attacks. This proves difficult, as unlike the traditional phishing email, these messages don’t carry obvious characteristics of poorly crafted scams.
According to research conducted on attacks (before the pandemic), key traits were found related to BEC messages:
- Bitcoin extortion was common
- Messages pertaining to false payroll updates
- Messages relating to gift card fraud
- Vast majority contained headers related to payment “assistance,” such as a request to help with a payroll problem before a certain time of day
Now, BEC and payload-less emails are centered around COVID-19, looking to exploit the pandemic for additional gain.
These attacks have risen considerably and often relate to Coronavirus aid or medical supplies. Given the concern over the pandemic, they are often successful in exploiting network security. Some of the scams include content related to the following:
- WHO (World Health Organization) scams with false information about COVID-19
- COVID-19 vaccinations and/or medical supplies
- Stimulus aid related to COVID-19
- Malware attacks related to Zoom
According to ThreatPost, these emails may appear to staff/users in the following ways:
- Impersonating an admin, where an email attempts to replicate a message from an executive or admin requesting assistance with a problem, typically in a conversational, simple tone
- Compromised vendor messengers, where the attacker has gained access to a vendor account and is sending messages from their email
- Compromised employee messages, which are similar to vendor message save they appear as emails originating from a company staff member
- Brand impersonation, whereby the message appears to originate from a trusted name brand such as Amazon or Google, with the use of URLs and names that appear valid (thus making them significantly harder to detect)
Protecting yourself and your network from payload-less attacks
The ingenuity of the aforementioned phishing attacks makes them harder to detect, mainly because they use trusted names and resources as a vector of attack. Protecting your network from them requires a stricter approach to cybersecurity.
- Using a zero-trust policy when it comes to emails from trusted sources
- Revamping communication and how it’s done, by who
- Making it clear when messages are sent and received by executives
- Creating a layered network to mitigate potential damage in case of intrusion
You can also reach out to Bytagig for additional information regarding MSP cybersecurity options.