<div>The explosive growth of smartphones and tablets have kept cybercriminals commensurately busy in 2012 and there is scope for more to come in 2013. The very latest one, keeping with times, carries out social engineering attacks, says a Symantec report.<br /><br />India is one of the biggest mobile phone markets in the world, with 860 million mobile subscribers. A recent Symantec report found that 69 per cent Indians connect to the internet with their mobile phones. Last year, across the world mobile malware increased by 58 per cent, and 50 per cent of mobile malware created in 2012 attempted to steal information or track movements, according to the latest Symantec Internet Security Threat Report volume 18. But the biggest threat so far in 2013 has been the social engineering attack.<br /><br />In April 2013, Symantec was alerted to a series of sophisticated social-engineering attacks. India ranked among the top 10 countries in the world targeted by this new threat and this is how it works:<br /><br />The victim receives a phone call from the attacker who impersonates an employee or business associate, asking them in French to process an invoice received via email. However, the email typically contains a malicious link or an attachment, which is actually a variant of W32.Shadesrat, a Remote Access Trojan (RAT). W32.Shadesrat (a.k.a. Blackshades) is used by a variety of attackers of varying skill levels. A publically available Trojan, it can be licensed for as little as $40-$100 a year. In June 2012, as part of a global sting operation carried out by the FBI, one of the contributors to the Blackshades project, Michael Hogue (a.k.a. xVisceral), was arrested. However, this RAT is still under active development.<br /><br />These attacks began as early as February 2013 though it was only in April that phone calls were placed before sending the victim the phishing email, possibly to increase the chances of success. This reflects that even as spam and phishing continue to grow in volume, they are becoming more targeted. According to Symantec’s Internet Security Threat Report, It was estimated that 280 million spam messages were disseminated from India in 2012. For Indian SMBs, one in 661 emails is a phishing email and one in 248 emails carries a virus.<br /><br />The victims of these attacks generally tend to be accountants or employees working within the financial department of organisations, providing access to sensitive company account information. These employees may also have the authority to facilitate transactions on behalf of the organisation. Since handling invoices is something they would do on a regular basis, this lure has the potential to be quite convincing. The employees would also provide a useful source of information to use in subsequent social-engineering attacks. Invoices and contract agreements would provide the attacker with all of the elements (email, phone, and relevant purchase/sales agreements) to continue executing these well prepared attacks.<br /><br />Each element of this attack requires careful planning and contributes to the overall success rate of the attack. The obviously carry out a close study of the target and obtain not just the email ID but phone number as well.<br /><br /><strong>How Can Users & Organisations Protect Themselves?</strong><br />These attacks are continuing to this day and organisations need to be aware of these increasingly sophisticated social-engineering attacks. The attacker may have limited information, so asking additional questions on a call may help to determine the legitimacy of the request. Organisations also need to be aware that personally identifiable employee information that exists outside of your enterprise, even in the form of an invoice, can be used against you if a business associate becomes compromised. Employees working with very sensitive information should store this in a secure location, ensure that it is encrypted, and only access it from a fully patched computer with adequate security solutions in place.<br /><br /> </div>
_20240920205457_original_image_22.webp)
