The approach is very simple: what would you do if you received a message from your boss with the subject "help"? Would you open it or not? Most likely, given the exceptional nature of the situation, you would spend some time on it. Maybe no more than a minute, but the mere fact that your superior may be requesting information or money is more than suggestive. So you click on the email and … the cyber attack is unleashed.

Broadly speaking, this is how the CEO scam works: a type of fraud in which the identity of your boss is impersonated to access a company’s computer systems. Although this sounds like science fiction, the reality is that there is already the odd precedent. For example, in 2019 a group of hackers managed to steal four million euros from the Valencia EMT in this way. And lately we have been seeing it from time to time because of the health crisis caused by COVID-19.

The latest major coup by these criminals is related, precisely, to its vaccine: the pharmaceutical group Zendal, which was going to develop its facilities in Galicia, has also suffered a loss of nine million euros through this practice.

If this technique, known as business email compromise (BEC), stands out for anything, it is the high degree of personalization of the emails sent. They perfectly reproduce the tone and type of relationship that each worker maintains with his boss, which makes everything seem as credible as possible. Who would think that a scam may be hidden behind a help message?

It therefore requires prior monitoring of the company. Sometimes the criminals even introduce a malicious program to get more information about it. The criminal then has two options: use email or make a call to request the diversion of certain funds to a specific account that, in a matter of minutes, would be emptied.

If the first option is chosen, it is possible that the worker will realize that it is not an institutional email, so the second option is more effective. That is, what would you do if your superior called you and asked you directly to carry out a certain banking operation? You would do it right away. To do this, all that is required is to know the name of the employee and his telephone number.
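
The paragraph above notes that a worker may spot that a message is not an institutional email; a mail filter can make the same check. The following is an added example, not part of the original article: it inspects message headers for the boss's display name on an external address, a mismatched Reply-To and, going slightly beyond the text, a lookalike domain. The company domain, executive name, similarity cut-off and sample messages are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; none of them come from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"ana garcia"}  # display names an impostor would borrow
LOOKALIKE_RATIO = 0.8        # similarity cut-off, chosen for illustration

def domain_of(address):
    return address.rpartition("@")[2].lower()

def bec_flags(raw_message):
    """Return reasons to verify a message out of band before acting on it."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(sender)
    external = sender_domain != COMPANY_DOMAIN
    flags = []
    # The boss's name is shown, but the address is not an institutional one.
    if external and name.strip().lower() in EXECUTIVES:
        flags.append("executive-name-external-address")
    # Replies would go to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append("reply-to-mismatch")
    # External domain that differs from the real one by a character or two.
    similarity = SequenceMatcher(None, sender_domain, COMPANY_DOMAIN).ratio()
    if external and similarity >= LOOKALIKE_RATIO:
        flags.append("lookalike-domain")
    return flags

# Constructed sample messages; only the headers matter here.
SPOOFED = (
    'From: "Ana Garcia" <ana.garcia@examp1e.com>\n'
    "Reply-To: ana.garcia@mailbox.test\n"
    "Subject: help\n\n"
    "Constructed body.\n"
)
GENUINE = (
    'From: "Ana Garcia" <ana.garcia@example.com>\n'
    "Subject: Quarterly figures\n\n"
    "Constructed body.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, bec_flags(raw))
```

These header checks complement, and do not replace, sender authentication with SPF, DKIM and DMARC, and they do nothing against the telephone variant described above.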

Variants of ‘Man in the middle’

According to Kaspersky, in the most common MiTM attack, a WiFi router is used to intercept user communications. “This can be done by configuring the malicious router to look legitimate or by attacking a bug in it and intercepting the user’s session. In the first case, the attacker configures his computer or other device to act as a WiFi network, naming it as if it were a public network (of an airport or a cafeteria). Afterwards, the user connects to the router and searches for banking or online shopping pages, the criminal capturing the victim’s credentials to use them later”, they say. In the second case, a criminal finds a vulnerability in the encryption system settings of a legitimate WiFi and uses it to intercept communications between the user and the router. “This is the more complex method of the two, but also the most effective; since the attacker has continuous access to the router for hours or days. Also, he can sneak around sessions silently without the victim being aware of anything.”

A more recent variant of this type of attack is the man-in-the-browser attack. Here the cybercriminal uses a series of methods to insert malicious code on the victim’s computer, which works within the browser. This malware silently records the data sent between the browser and the pages. These attacks have gained in popularity because they allow the criminal to attack a larger group of victims without the need to be close to them.
