BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Hackers Increasingly Targeting Business Conversations

‘Conversation hijacking’ Seeks Sensitive Business Intelligence

Your employees probably know not to open unexpected file attachments or click on random links, but what if an attachment arrives as part of an email conversation with trusted colleagues?

Sophisticated hackers are using a technique known as “conversation hijacking” to insert themselves into business operations, gain insight into sensitive details, and exploit the information for financial gain. What should you know about this insidious form of cyberattack on businesses?

Conversation Jacking

Conversation Hijacking: Infiltrating Business Communications

New research indicates that the incidence of conversation hijacking increased by more than 400 percent in the second half of 2019 alone.

In a conversation hijacking attack, a hacker uses various methods for gaining access to business credentials — for instance, an email login. By using the phished information, the hacker then may join an existing email conversation by posing as someone already involved in the conversation.

Conversation hijacking attacks are mounted by hackers willing to invest significant time to gain access to sensitive information. The hacker may read through numerous emails and conduct research online to learn about business deals in progress or other potentially valuable information.

By gaining the trust of other people in the email thread, the hacker then can use a variety of techniques for gaining access to banking information and financial assets.

Forms of Conversation Hijacking

Conversation hijacking can take a number of different forms, with information coming from a range of different sources. Hackers may compromise email accounts through phishing or data breaches and use the stolen account information to stage account-takeover attacks.

A hacker then may spend time monitoring an email account — including ongoing message threads — to gain information about sensitive business details or financial arrangements. An attack may involve a hacker creating a fake domain similar to the real domains used by a company. In the case of domain impersonation, the goal is to create a domain similar enough to the real domain that unsuspecting employees click or download files without realizing the error.

Hackers also may impersonate the domain of a client, vendor or business partner to gain the trust of employees for the ultimate purpose of accessing financial accounts and information.

Protecting Your Business

Conversation hijacking can be more difficult to detect than other types of hacking, but you can take steps to protect your business, your employees and your clients and partners.

The most important step you can take is ensuring that your team members understand how conversation hijacking attacks work. They should always use caution when downloading files or clicking on links and take time to ensure that all information — including domain names — matches their expectations.

In addition, any requests for financial information or immediate payment should raise red flags and should be reported to your company’s accounting department. If an employee doubts the authenticity of an email, they can contact the sender by phone or by starting a new email thread with an email address known to be accurate. Employees also should report to your IT team any email conversations or other incidents that seem suspicious.

Additional security measures — including robust email filtering and inbox rules — also can help, and restricting macros within documents can limit the means for hackers to gain access to account information. Multi-factor authentication also can provide extra protection against sophisticated conversation hijacking attacks.

More Like This

157-Year-Old Lincoln College Succumbed To A Ransomware Attack

157-Year-Old Lincoln College Succumbed To A Ransomware Attack On May 13th, 2022, a college that has remained open through two world wars, the 1918 Spanish flu epidemic, and the Great Depression will close its doors. The college has been struggling to stay afloat in recent years, and the coronavirus pandemic and a recent ransomware attack …

157-Year-Old Lincoln College Succumbed To A Ransomware Attack Read More »

Read More

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security …

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers Read More »

Read More

Zero Trust Networks: What Are They?

Zero Trust Networks: What Are They? The internet has brought a world of opportunity for businesses. It is easy for companies to reach out to consumers and offer them products or services without a physical storefront. However, this also opens businesses up to the risk of data breaches and cyber attacks. Cyber attacks can be …

Zero Trust Networks: What Are They? Read More »

Read More

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities

Original release date: April 27, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security …

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities Read More »

Read More

Can Ransomware Spread Through Business WiFi Networks?

Can Ransomware Spread Through WiFi? Ransomware has been a menace to businesses large and small for years, and the problem is only getting worse. One of the most insidious aspects of ransomware is its ability to spread through wifi networks, infecting multiple computers and devices. This can cause severe disruptions to business operations, as employees …

Can Ransomware Spread Through Business WiFi Networks? Read More »

Read More

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Original release date: April 20, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training. The cybersecurity …

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure Read More »

Read More