Across the cybersecurity industry, white papers and reports typically highlight high-level trends related to cyber threats. However, what is often overlooked is a more granular analysis that focuses on individuals within an organization, specifically the high-value targets that threat actors focus much of their attention on.
As part of an ongoing series, PhishLabs will examine how executives in various industries are targeted by cyber threats. These threats can range anywhere from email and social media to the open and dark web. This initial profile takes a close look at email-based attacks targeting one particular executive.
Financial Institution Executive Analysis
Our first profile highlights an incredibly effective executive who works for a large regional bank. While we will keep his details anonymous, let's call him Don Miller.
Over the past six months, Don has reported 438 emails to PhishLabs. That is nearly three emails a day. Don's reports have led to 389 confirmed malicious threats - or about 89% of the total emails he submitted.
Job function: Executive on Finance Team
Organization size: Large regional bank
Industry: Finance
Suspicious content reported: 438
Confirmed malicious content: 389
Non-malicious content: 26
Other questionable content: 23
Threat Type Breakdown
Don is clearly a prime target for all types of cyber threats. He has received everything from redirect links to login pages, targeted spear-phishing campaigns, BEC scams, and fake voicemail payload-based attacks. Thanks to Don, each of these attacks has been identified and added to Email Intelligence & Response, allowing our partners and clients around the world to ensure they are detected and mitigated. Let's take a closer look at the types of confirmed malicious content our target received.
Emails with Malicious Links: 303
Emails with Malicious Attachments / Payloads: 55
BEC or Response-Based Malicious Emails: 31
Link Based Attacks
In most cases, these are attempts to steal the victim's credentials and take over their account. When these types of emails are reported, the data associated with the link, sender, and other meta-information can be spun into intelligence that gets actioned.
Example subject lines:
- NewFax Notification for Don Miller
- please approve this process Don Miller
Payload Based Attacks
Payloads or attachments are typically malware. As with link-based phishing attacks, PhishLabs is able to extract data from the malicious payloads and use that intelligence to serve all of our clients.
Example subject lines:
- Requested documents for Don Miller
- New Audio Message from [Redacted] TO Don Miller Length: 0:44 seconds. Date: Tuesday, October 8, 2019.
Response-Based Attacks
Response-based attacks are typically BEC or spear-phishing attacks. This can be someone posing as an executive to try and get gift cards, as a vendor seeking a wire transfer, or as a friend requesting help.
Example subject lines:
- sales@[redacted].com sent you files via WeTransfer®
- Re: second notice..
Final Outcome From Intelligence
Not all users are targeted as much as Don, but we should all hope to be as vigilant and suspicious as he is when receiving an email. This is just one executive under the microscope, but it's a story we see time and time again as executives are high-value targets for threat actors.
He is a key asset to the partnership between PhishLabs and his organization, helping to gather important intelligence and take action against the threats that target not only his organization but also organizations across the globe.