The Secret to This Email Phishing Campaign is Volume

FireEye says a newly characterized cybercriminal gang, FIN11, has been launching widespread email phishing campaigns for the past four years. The group isn’t particularly sophisticated, but FireEye’s Mandiant unit says FIN11 stands out due to the “sheer volume of activity” it’s responsible for.

“There are significant gaps in FIN11’s phishing operations, but when active, the group conducts up to five high-volume campaigns a week,” FireEye says. “While many financially motivated threat groups are short lived, FIN11 has been conducting these widespread phishing campaigns since at least 2016. From 2017 through 2018, the threat group primarily targeted organizations in the financial, retail, and hospitality sectors. However, in 2019 FIN11’s targeting expanded to include a diverse set of sectors and geographic regions. At this point, it would be difficult to name a client that FIN11 hasn’t targeted.”

FireEye believes the volume of FIN11’s activity makes up for its lack of sophistication, since the group can simply choose how to move forward after one of its phishing emails happens to compromise a victim.

“Mandiant has also responded to numerous FIN11 intrusions, but we’ve only observed the group successfully monetize access in [a] few instances,” FireEye says. “This could suggest that the actors cast a wide net during their phishing operations, then choose which victims to further exploit based on characteristics such as sector, geolocation or perceived security posture.”

FIN11 also changes its tactics as more effective attack strategies become apparent. This manifested itself in the group’s recent shift to using ransomware and data theft to extort victims.

“Recently, FIN11 has deployed CLOP ransomware and threatened to publish exfiltrated data to pressure victims into paying ransom demands,” the researchers write. “The group’s shifting monetization methods—from point-of-sale (POS) malware in 2018, to ransomware in 2019, and hybrid extortion in 2020—is part of a larger trend in which criminal actors have increasingly focused on post-compromise ransomware deployment and data theft extortion.”

The criminal threat evolves, and security training needs to keep pace with it. New-school security awareness training can enable your employees to identify and thwart both sophisticated and untargeted phishing attacks.

FireEye has the story.
