FEATURE

The latest attacks and how to stop them

Chris Ross, Barracuda Networks
Computer Fraud & Security, November 2018
Since the first email was sent way back in 1971, you'd think that we would be more informed and prepared for email-focused attacks by now. However, email remains the number one way for threats to enter your network, with research suggesting nearly three quarters (74%) of attacks enter this way.[1]

In fact, some think it's got worse. Other research among IT decision-makers revealed that 70% of IT professionals were more concerned about email security now than five years ago.[2] This is unsurprising, given the context of everyday cyber criminals using emails as one of their main weapons in carrying out attacks. Verizon research suggests that phishing is responsible for 93% of all attacks.[3]

It seems that as soon as organisations implement social engineering training and technology to act as a line of defence against one type of attack, cyber criminals develop a new attack that bypasses existing defences, including some clever phishing campaigns where the most effective line of defence is the human firewall.

And attacks are increasing. In May 2018, Barracuda blocked over 1.5 million phishing emails and 10,000 unique phishing attempts. Halfway through June, the figure had risen to 1.7 million phishing emails with over 2,000 unique attempts. Unfortunately the scale and variety of these attacks are only continuing to grow.

So let's explore the latest methods that these criminals are using to infiltrate networks all around the world, and give some key tips in spotting these attempts and how to successfully combat them.

Figure 1: The impacts of email-based security threats. Source: Barracuda Networks.

The money scam

In the example shown in Figure 1, the criminals are attempting to entice the recipient with a money scam, which is pretty much what it sounds like. The intent here is to scam users out of money, but in similar attempts we've also seen criminals set out to acquire information or infect a computer with malware.

Money scams like this are fairly common and they often promise a large sum of money to the user, as in this case. When the recipient replies, the criminals usually request a smaller sum from the user and in return promise to send a larger sum back – which of course never happens.

Figure 2: An example email attack.

Information scam

The next example highlights an attempted information phishing scam where criminals are hoping to gather information from the user. Criminals are always trying to gather information from users and in Figure 3 we can see a spoofed bank message is used to convince the user to act on their request.

The criminals did a decent job of making this message appear like it could actually be coming from a bank. However, if the user clicks on the link, he or she could be prompted to enter their credentials in a different window – ultimately surrendering their username and password.

Figure 3: An attempt to gain information – in this case the victim's login credentials.

Malware distribution

Another common problem users face from phishing is the distribution of malware. The goal of these messages is to trick a user into either opening an attachment (like the example in Figure 4) or clicking on a URL.

As you can see with this example, the criminals are trying to convince the user to open an attachment by acting as if the document pertains to an urgent matter. In order for the malware to work, criminals have to get the user to install the software on their computer. Malware can be distributed in many forms, including viruses, worms, bots, ransomware, password stealers and more.

Figure 4: Here the attacker is trying to persuade the recipient into opening the attachment.

Multiple file extensions

As mentioned above, phishing attempts often require a user to open an attachment in order to install malware. However, there are a lot of different ways criminals attempt to convince users to do this. One way is that they will include attachments with multiple file extensions in an attempt to trick users into thinking that the file type is different from what it actually is. In Figure 5 the criminals are using a 'PDF.zip' file extension, which should raise a red flag to the user because they are two different file types; however, this could easily be overlooked since they are also file types that most people would find familiar.

Figure 5: An attack using multiple file extensions.

Figure 6: This malicious link is cleverly disguised.

Disguised links

Not all threats come in the form of email attachments, which is why links should also be handled with just as much scrutiny. Figure 6 shows exactly why.

The link itself doesn't look suspicious; however, it actually points to an entirely different URL (as shown at the bottom of the image). Links like this are not only used to spread malware, they can also direct users to sites set up by criminals in order to capture credentials or other personal information. When unsure, it's best not to click on a link. You can hover the cursor over the link without clicking to identify its actual location.

Figure 7: Criminals often register look-alike domains in order to appear legitimate.

Spear-phishing

While phishing refers to mass targeting, spear-phishing messages are specifically crafted to target a single, specific individual in order to create a sense of trust with that person. Spear-phishing attempts regularly use impersonation techniques to convince recipients that the message is coming from a real source.

Effective spear-phishing takes a great deal of reconnaissance about the target in order to increase the probability of a user actually falling for the attack. Figure 7 shows an example where the criminals actually took the time to register a deceptive domain that contains the name of an actual entity in order to appear legitimate.

They obviously want the message to appear like it's coming from Netflix; however, if you look closely at the URL you'll notice that 'Netfliix' is actually misspelled. This technique is called typosquatting, and it is often used to sell the ruse when the attacker wants the user to click a link.

Figure 8: Here the criminals pretend that they are an internal employee who needs to send an urgent wire transfer.

Figure 9: This email attack tries to persuade the recipient to click on a well disguised link.
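The attachment, link and domain clues described in the last three sections can also be checked mechanically before a message reaches a user. The Python below is an added example, not code from the article or from Barracuda; the brand allow-list, the risky-extension set, the sample attachment names, the sender domain and the HTML snippet are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample values (not taken from the article's figures): a 'PDF.zip'
# attachment name, a link whose visible text differs from its href, and a sender
# on a misspelled 'netfliix' domain.
ATTACHMENTS = ["Invoice.PDF.zip", "agenda.pdf"]
SENDER_DOMAIN = "netfliix.com"
HTML = '<p>Please <a href="http://netfliix.com/login">https://www.netflix.com/account</a> now.</p>'
KNOWN_BRANDS = {"netflix.com", "paypal.com", "microsoft.com"}  # assumed brand allow-list
RISKY_LAST = {"zip", "exe", "js", "scr", "vbs", "lnk"}         # real types worth a second look

def double_extension(filename):
    """'Invoice.PDF.zip' -> True: a document-looking name whose real type is risky."""
    parts = filename.lower().split(".")
    return len(parts) > 2 and parts[-1] in RISKY_LAST
def edit_distance(a, b):
    """Levenshtein distance; one or two edits is the usual typosquat ('netfliix')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]
def lookalike(domain):
    """Return the known brand a domain imitates (distance 1 or 2), else None."""
    return next((b for b in KNOWN_BRANDS if domain != b and edit_distance(domain, b) <= 2), None)
def host(url):
    """Host of a URL or bare domain, lower-cased, with a leading 'www.' dropped."""
    url = url if "://" in url else "http://" + url
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")
def link_findings(html):
    """The 'hover to see the real target' check, done on the markup instead of by eye."""
    out = []
    for href, text in re.findall(r'<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', html, re.S | re.I):
        text = re.sub(r"<[^>]+>", "", text).strip()     # visible text only
        if "." in text and host(text) != host(href):    # text looks like a URL but differs
            out.append(f"link text '{text}' really goes to {host(href)}")
        if lookalike(host(href)):
            out.append(f"link host {host(href)} imitates {lookalike(host(href))}")
    return out
def analyse(sender_domain, html, attachments):
    """Run the sender, attachment and link checks and collect the findings."""
    findings = []
    if lookalike(sender_domain):
        findings.append(f"sender domain {sender_domain} imitates {lookalike(sender_domain)}")
    findings += [f"attachment {a} is really a .{a.rsplit('.', 1)[-1].lower()}"
                 for a in attachments if double_extension(a)]
    return findings + link_findings(html)
```

A distance threshold of 2 will also match some legitimate short domains, so treat a hit as a reason to look closer rather than a verdict.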

Wire transfer

Research that analysed 3,000 business email compromise (BEC) attacks showed that 47% of the attacks had a main objective of getting the recipient to carry out a wire transfer.[4] About 40% of attacks ask the recipient to click on a link, as you can see in Figure 8, and 12% of attacks try to establish rapport with the target by starting a conversation with the recipient (eg, the attacker will ask the recipient whether they are available for an urgent task). With these rapport emails, in the vast majority of cases, after the initial email is responded to the attacker will ask the victim to carry out a wire transfer.

Figure 10: This email attack starts subtly, with the attackers building up a rapport with the respondent before revealing their true intentions.

However, an important observation is that about 60% of BEC attacks do not involve a link: the attack is simply a plain text email intended to fool the recipient into committing a wire transfer or sending sensitive information. These plain text emails are especially difficult for existing email security systems, because they are often sent from legitimate email accounts, tailored to each recipient and do not contain any suspicious links.

All of these examples are just a small sample of the many variations of the scams that criminals are sending out each day, but these examples certainly make the case for why today's users need to be properly trained in order to stay safe online.

Beating the bad guys

The best defence against phishing and spear-phishing is to make users aware of the threats and techniques used by criminals. A few tips are included (see box) based on the examples above; however, the best approach would be for organisations to implement a simulation and training programme to improve security awareness for their users.

Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training, as it helps humans recognise the subtle clues to identify phishing attempts and gives employees a baseline understanding of the latest techniques that attackers are using.

Anti-phishing tips

Here are a few quick tips to help avoid phishing scams:

• Wire transfers should never go out without an in-person conversation or phone call. Use additional care with phone calls if the only contact information is included in the potentially fraudulent email.
• Don't click on attachments or URLs from unknown sources. Sometimes even sources that you think are safe could have been impersonated by criminals. If there's ever a question of legitimacy, you can always go to the site directly in your browser.
• Attachments and emails with attachments should always be treated with care because, with much of the malware being distributed today, simply opening a single file can result in your computer being infected almost instantly. Attachments may provide some indicators.
• Many information scams claim that an email login is required to access some resource or document. A good practice is to never enter login credentials on a page that was reached via an email link, regardless of whether or not the email was legitimate. Instead, go to the site directly in your browser to log in.
• Money scams are notorious for displaying poor grammar and in many cases the language used could appear to be coming from someone who may be writing English as a second language. Just remember, if something sounds too good to be true – it probably is.

About the author

Chris Ross is SVP international for Barracuda Networks. He has extensive international experience as a general manager and VP of sales for both leading industry names and emerging technology companies. He currently manages Barracuda Networks' business across Europe, Middle East, Africa, Asia Pacific and Japan. Ross joined Barracuda in April 2015. Before that, he served as vice-president worldwide sales of Arcserve, a storage software company responsible for sales and marketing.

References

1. Ross, Chris. 'Could complacency be setting in when it comes to ransomware?'. Barracuda Networks, 25 Jul 2018. Accessed Oct 2018. https://blog.barracuda.com/2018/07/25/could-complacency-be-setting-in-when-it-comes-to-ransomware/.
2. Ross, Chris. 'Weighing up the email security threat in EMEA'. Barracuda Networks, 11 Jun 2018. Accessed Oct 2018. https://blog.barracuda.com/2018/06/11/weighing-up-the-email-security-threat-in-emea/.
3. '2018 Data breach investigations report'. Verizon, 10 Apr 2018. Accessed Oct 2018. www.verizonenterprise.com/verizon-insights-lab/dbir/.
4. Cidon, Asaf. 'Threat Spotlight: Barracuda Study of 3,000 Attacks Reveals BEC Targets Different Departments'. Barracuda Networks, 20 Aug 2018. Accessed Oct 2018. https://blog.barracuda.com/2018/08/30/threat-spotlight-barracuda-study-of-3000-attacks-reveals-bec-targets-different-departments/.
