Attackers target organizations to insert themselves into group email conversations as a way of increasing the likelihood that one or more recipients will unwittingly infect themselves.
So, you’re on a group email thread that’s been going back and forth with each recipient participating with commentary. At some point, one of the recipients naturally and contextually offers up a link or an attachment that will assist with the conversation’s topic. Would you click it?
Cybercriminals using this new technique are betting you will.
According to new research from security vendor Barracuda, attackers are taking a page from domain impersonation and deepfake voice attacks, and are now realizing the value of a compromised credential: they simply look through the compromised account's email, find a current thread with several people on it, and insert malware with a contextually accurate reason. Remember, according to Microsoft, attackers spend about 146 days on your network before being detected; that’s enough time to find an opportunity to infect users.
It’s conniving and so evil you have to at least appreciate its brilliance.
It’s also a great indicator that users need to be taught to never trust any email, no matter who sends it. Users who participate in Security Awareness Training realize that even emails that appear to be from a trusted source still need to undergo some level of scrutiny. And in the case of conversation-hijacking attacks, the scrutiny is definitely necessary.