As we have predicted, hackers are eagerly (and successfully) branching out to verticals outside the financial sector. Below we demonstrate how a malware attack was executed under the name of a government agency, targeting the finance department of an enterprise.
The attack starts with an email allegedly coming from a government agency.
In this case, a Colombian agency called DIAN (equivalent to the IRS in the U.S.) appears to be contacting members of the finance department in a corporation. In very professional language, the email states that the company’s tax ID has been suspended, and advises the user to download and fill out the attached documents. To make it appear even more authentic, the email is signed by a person who legitimately works for the agency, according to the leadership page on the agency’s site.
English translation shown below.
Upon downloading the attached files, the user sees nothing happen on the screen, but the attack drops instantly. Within those milliseconds, the user’s machine is infected and the attack is set up, making the breach of information possible. Imagine the files and emails of your company’s CFO, Finance Director or Accounting Manager being exposed to hackers and potentially put up for sale on black markets. Every single plan for mergers and acquisitions, company valuation, shareholder information, employee salaries, customer contracts and more is now exposed.
What do hackers do with this information?
If you are the Sony hackers, you make this information public, to embarrass and create havoc for the company. But many hackers are more interested in making money than they are in getting public recognition. They will find a way to make money from your data, probably by breaking it up and selling it to someone who finds each piece of information valuable. Additionally, for public companies, the information can be used to play the market – a form of ‘insider trading’ with no limit to the amount of money that can be made by market manipulation.
Financial institutions are getting smarter about fighting fraud. They are deploying multi-layered protection, and as a result, stealing credit card data or launching direct attacks on these institutions and their customer bases is becoming increasingly complex. This is forcing hackers to look for alternative sources of financial gain. In 2015, we are forecasting an increase in this type of attack outside of the financial sector. Look for attacks to expand into other verticals, including pharmaceutical companies, airlines and hotels, as well as into the lines of business within the enterprise.