What are payload-less attacks? 3 ways to identify them

Payload-less attacks play a dangerous role in bypassing cybersecurity


Phishing emails have long since evolved from the early days of poorly spelled spam attacks hinting at long-lost wealthy ancestors. While we at Bytagig often lament the fragile state of cybersecurity and how social-engineering scams circumvent even the most robust protective systems, the reality is that people are aware of dangerous hacker attacks, especially in the form of phishing emails.

Woe to the malicious third parties, right? But the song-and-dance of cybersecurity is a constant trade of highs and lows. When cybersecurity takes a step forward, bad actors take two more, and so on. In response, these bad actors craft even more dangerous phishing emails, referred to as “payload-less attacks.”

What is a payload-less attack?

Bad actors are working on more sophisticated versions of phishing emails targeted at companies. These are referred to as BEC (business email compromise), and the idea is exactly as it sounds: infiltrating business networks through email.

As the name suggests, a payload-less attack email is unique in that it contains no malicious links, content, or malware. Targets typically receive simple but customized messages designed to slip past security.

The cost is significant, too. As reported by the FBI, these attacks have cost the IT and cybersecurity industry $26 billion over the course of several years, despite making up only about 5 percent of the total phishing scam economy. They are nonetheless one of the highest threats to a network, given their attention to detail and focus on constructing deceptive emails.

3 ways to identify payload-less attacks

So now we come to the challenge of identifying and thwarting BEC attacks. This proves difficult because, unlike traditional phishing emails, these messages don’t carry the obvious characteristics of poorly crafted scams.

According to research conducted on attacks before the pandemic, BEC messages shared several key traits:

  • Bitcoin extortion was common
  • Messages pertaining to false payroll updates
  • Messages relating to gift card fraud
  • The vast majority contained headers related to payment “assistance,” such as a request to help with a payroll problem before a certain time of day

Now, BEC and payload-less emails are centered around COVID-19, looking to exploit the pandemic for additional gain.

These attacks have risen considerably and often relate to Coronavirus aid or medical supplies. Given the concern over the pandemic, they are often successful in bypassing network security. Some of the scams include content related to the following:

  • WHO (World Health Organization) scams with false information about COVID-19
  • COVID-19 vaccinations and/or medical supplies
  • Stimulus aid related to COVID-19
  • Malware attacks related to Zoom

According to ThreatPost, these emails may appear to staff/users in the following ways:

  • Impersonating an admin, where an email attempts to replicate a message from an executive or admin requesting assistance with a problem, typically in a conversational, simple tone
  • Compromised vendor messages, where the attacker has gained access to a vendor account and sends messages from that email
  • Compromised employee messages, which are similar to compromised vendor messages except that they appear to originate from a company staff member
  • Brand impersonation, whereby the message appears to originate from a trusted name brand such as Amazon or Google, with the use of URLs and names that appear valid (thus making them significantly harder to detect)
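As an added illustration (this is not Bytagig's or ThreatPost's code), the script below scores a plain-text email against the traits listed above and in the pre-pandemic research: an executive's name on the wrong mailbox, a look-alike vendor domain, a Reply-To pointing elsewhere, and payment or urgency wording. The executive directory, trusted-domain list and sample messages are constructed for the example, and none of the checks needs a link or attachment, which is the point with payload-less mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed, hypothetical organisation data; replace with your own directory and vendor list.
TRUSTED_DOMAINS = {"example-corp.com", "vendor-supplies.com"}
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}  # display name -> genuine address
PAYMENT_TERMS = ("payroll", "gift card", "wire transfer", "invoice", "bitcoin", "bank details")
URGENCY_TERMS = ("before noon", "end of day", "urgent", "asap", "right away")


def one_edit_away(a, b):
    """True if b is one substitution, insertion or deletion away from a (c0rp vs corp)."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long = sorted((a, b), key=len)
    return any(long[:i] + long[i + 1:] == short for i in range(len(long)))


def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def bec_indicators(raw_message):
    """Return the BEC traits found in a plain-text message; none of them needs a link or attachment."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain, reply_domain = domain_of(msg.get("From", "")), domain_of(msg.get("Reply-To", ""))
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    found = []
    genuine = EXECUTIVES.get(display_name.lower())
    if genuine and address.lower() != genuine:  # executive's name on a foreign mailbox
        found.append("executive_impersonation")
    if any(one_edit_away(sender_domain, t) for t in TRUSTED_DOMAINS):
        found.append("lookalike_domain")  # e.g. vendor-supp1ies.com posing as vendor-supplies.com
    if reply_domain and reply_domain != sender_domain:
        found.append("reply_to_mismatch")  # replies quietly routed to a third mailbox
    if any(term in text for term in PAYMENT_TERMS):
        found.append("payment_request")
    if any(term in text for term in URGENCY_TERMS):
        found.append("urgency")
    return found


# Constructed sample messages, not real traffic.
SAMPLE_EXEC = ("From: Jane Doe <janedoe.ceo@freemail.example>\nSubject: Quick favor\n\n"
               "Are you at your desk? I need help with a payroll update before noon. Keep this between us.\n")
SAMPLE_VENDOR = ("From: Billing <billing@vendor-supp1ies.com>\nReply-To: ap@collect-payments.example\n"
                 "Subject: Updated invoice\n\nPlease update our bank details on file before end of day.\n")
SAMPLE_BENIGN = "From: Jane Doe <jane.doe@example-corp.com>\nSubject: Lunch\n\nStill on for 1pm?\n"
```

A message that trips two or more indicators is a good candidate for an out-of-band confirmation (a phone call to the executive or vendor on a number already on file) before any payment detail is changed.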

Protecting yourself and your network from payload-less attacks

The ingenuity of the aforementioned phishing attacks makes them harder to detect, mainly because they use trusted names and resources as a vector of attack. Protecting your network from them requires a stricter approach to cybersecurity.

Bytagig recommends:

  • Using a zero-trust policy when it comes to emails from trusted sources
  • Revamping communication: how it’s done and by whom
  • Making it clear when messages are sent and received by executives
  • Creating a layered network to mitigate potential damage in case of intrusion

You can also reach out to Bytagig for additional information regarding MSP cybersecurity options.
