BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Hackers Increasingly Targeting Business Conversations

‘Conversation hijacking’ Seeks Sensitive Business Intelligence

Your employees probably know not to open unexpected file attachments or click on random links, but what if an attachment arrives as part of an email conversation with trusted colleagues?

Sophisticated hackers are using a technique known as “conversation hijacking” to insert themselves into business operations, gain insight into sensitive details, and exploit the information for financial gain. What should you know about this insidious form of cyberattack on businesses?

Conversation Jacking

Conversation Hijacking: Infiltrating Business Communications

New research indicates that the incidence of conversation hijacking increased by more than 400 percent in the second half of 2019 alone.

In a conversation hijacking attack, a hacker uses various methods for gaining access to business credentials — for instance, an email login. By using the phished information, the hacker then may join an existing email conversation by posing as someone already involved in the conversation.

Conversation hijacking attacks are mounted by hackers willing to invest significant time to gain access to sensitive information. The hacker may read through numerous emails and conduct research online to learn about business deals in progress or other potentially valuable information.

By gaining the trust of other people in the email thread, the hacker then can use a variety of techniques for gaining access to banking information and financial assets.

Forms of Conversation Hijacking

Conversation hijacking can take a number of different forms, with information coming from a range of different sources. Hackers may compromise email accounts through phishing or data breaches and use the stolen account information to stage account-takeover attacks.

A hacker then may spend time monitoring an email account — including ongoing message threads — to gain information about sensitive business details or financial arrangements. An attack may involve a hacker creating a fake domain similar to the real domains used by a company. In the case of domain impersonation, the goal is to create a domain similar enough to the real domain that unsuspecting employees click or download files without realizing the error.

Hackers also may impersonate the domain of a client, vendor or business partner to gain the trust of employees for the ultimate purpose of accessing financial accounts and information.

Protecting Your Business

Conversation hijacking can be more difficult to detect than other types of hacking, but you can take steps to protect your business, your employees and your clients and partners.

The most important step you can take is ensuring that your team members understand how conversation hijacking attacks work. They should always use caution when downloading files or clicking on links and take time to ensure that all information — including domain names — matches their expectations.

In addition, any requests for financial information or immediate payment should raise red flags and should be reported to your company’s accounting department. If an employee doubts the authenticity of an email, they can contact the sender by phone or by starting a new email thread with an email address known to be accurate. Employees also should report to your IT team any email conversations or other incidents that seem suspicious.

Additional security measures — including robust email filtering and inbox rules — also can help, and restricting macros within documents can limit the means for hackers to gain access to account information. Multi-factor authentication also can provide extra protection against sophisticated conversation hijacking attacks.

More Like This

AA21-209A: Top Routinely Exploited Vulnerabilities

Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).  This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities …

AA21-209A: Top Routinely Exploited Vulnerabilities Read More »

Read More

How New Windows Server 2022 Features Improve Hybrid Integration and Security

How New Windows Server 2022 Features Improve Hybrid Integration and Security Microsoft recently announced the preview of the latest Windows Server. The new release comes with several key features, such as Azure automanage (hotpatching) and virtualization-based security (VBS). Windows Server 2022 allows users to leverage the cloud to maximize uptime and keep virtual machines (VMs) …

How New Windows Server 2022 Features Improve Hybrid Integration and Security Read More »

Read More

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided in this advisory in 2012 to affected organizations and …

AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013 Read More »

Read More

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S.

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S. America’s critical infrastructure, the Federal government, and commercial institutions are undoubtedly under attack. The sophisticated cyber threats facing the country emanate from various parts of the world. A wide selection of state actors and hacker groups are working tirelessly to paralyze …

Uncovering the Complexity and Potential Future Trends of Cyber Threats Faced by the U.S. Read More »

Read More

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This advisory provides APT40’s tactics, techniques, and procedures (TTPs) and …

AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department Read More »

Read More

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques. The National Security Agency, Cybersecurity …

AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs Read More »

Read More