Email is a major weapon for cybercriminals and anyone wishing to penetrate an organisations cyber defences. Even nations are at risk. Recently a prankster using the moniker “Sinon Reborn” managed to get the UK Home Secretary, Amber Rudd, to respond to an email she believed to be from a new colleague. From a cybersecurity point of view this is deeply worrying.
The same prankster has also tricked other government officials – in both the UK and the United States – into corresponding with him. While these email exchanges were pranks, they could have been more dangerous. If a prankster can do it so could terrorists, cybercriminals, other nations and hacktivists; all of which are willing to cause huge damage to a nation like the UK.
For the prankster, all he needed was the publicly available emails of the government officials and a free email service to set up his fake accounts. To gain access to sensitive information, it does not always take a genius coder. Targeted phishing attacks can be highly effective if the cybercriminal is willing to do research on the victim. Organisations – and governments – need to be alert to the dangers.
Rolling out the Trojan Horse emails
In the case of Amber Rudd, she responded to an email in which Reborn pretended to be Theresa May’s new communications chief, Robbie Gibb. Reborn sent an email to Rudd’s publicly available email, posing as Robbie, saying that he was happy to be onboard. Rudd then responded via her personal email.
The Home Office was quoted saying, “As the email exchange shows, she rapidly established that it was a hoax and had only exchanged pleasantries up to that point.” While it is true that Rudd did not disclose any critical information in the short email conversation with Reborn, she did unintentionally give her personal email address to the hacker. This must be considered a serious breach of good IT security protocol.
Unfortunately, Rudd is not the only government official to be the victim of this same attacker. Tom Bossert, White House Homeland Security Adviser, was also baited by Reborn’s email phishing. In this instance, Reborn created an Outlook account pretending to be Jared Kushner, and sent a message to Bossert’s official email address. The imposter Kushner invited Bossert to a fictitious VIP soirée. Bossert accepted the invitation and offered his personal email address to the fake Kushner telling him, “if you ever need it.” In a pinch Reborn had sufficiently gained Bossert’s trust.
Looking at Reborn’s story so far it might seem like email phishing is a strategy that suits him because he has no major goals. Reborn might say otherwise. Recently, Reborn set out to trick the editors of Breitbart News and expose their raw email correspondence to the press.
This time he posed as Steve Bannon, a Trump adviser who was recently fired from the White House. Even though he misspelled Bannon’s name in the fake email address, Reborn managed to mislead his targets at Breitbart.
Protecting the organisation when email is a weapon
As these examples show, it is often the employees of an organisation who put a chink in the cyber defence armour and expose confidential information. A careless click or a hastily typed email in the middle of a busy day could result in a security breach.
If a cybercriminal can convince just one person to open a malicious attachment then every layer of security technology has failed. That is why training employees to recognise suspicious messages is essential. And the more employees are educated, the more attackers up their game and employ new strategies. So, what can be done to combat this swiftly shapeshifting threat?
Regular training for employees on how to spot email phishing remains a necessity. People – as the Amber Rudd episode shows – remain a major weakness in an organisation’s, or even a state’s, defences. The greater the awareness within the organisation, the fewer the cracks in its defences. However, technology can also supplement this approach. Application control solutions deploy and maintain a whitelist. These solutions ensure that only approved binaries can run on the systems within an enterprise.
What then if an attacker should still succeed in bypassing this technology and hoodwinking employees? Live response solutions can be installed on employee devices. These solutions can provide quick clean up to remove any malicious files that the employee unknowingly downloaded.
Email is a potential gateway into an organisation and a weakness that can be exploited by cyber attackers with a wide range of motivations from the less serious prankster and notoriety motivations of Sinon Reborn to the much more sinister motivations of jihadis and unfriendly nation states. Phishing in particular is a popular form of attack that still remains too successful for comfort and the fact high-profile politicians are snared by these attacks means all organisations are vulnerable to some extent; therefore, combining technology and people processes to resist the attacks is essential.
By Rick McElroy, Security Strategist, Carbon Black