What is reply-chain phishing?
Reply-chain phishing (also called thread hijacking) is a technique in which attackers insert themselves into legitimate, ongoing email conversations through a compromised account. Where spear-phishing typically relies on a spoofed or look-alike sender address, a reply-chain phish is sent from a real mailbox belonging to a legitimate user whose credentials the attacker has obtained, for example through an earlier phish, a password reused across breached services, or malware. Once inside the mailbox, the attacker reads through existing threads and picks the ones most likely to net victims: active exchanges in which a link or attachment from this sender would look routine.
The attacker then replies to one of the messages in the chosen thread with a malicious URL disguised as something relevant to the conversation. Because the reply arrives from a known colleague or partner, in the context of an exchange the recipient is already following, recipients may click the link and download or install malware that can then spread across the network. IoT- and OT-specific malware is also being distributed this way.
In a newer tactic, attackers also plant malicious links in the compromised account's out-of-office auto-reply, so that every incoming message triggers a response carrying the link. A sample intercepted by Sectrio’s threat research team is presented as an image in this article. In both variants the goal is the same: use a trusted sender and a familiar context to get recipients to download and/or install malware.
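The two signals described above (a reply that suddenly links to a domain the thread never used, and an auto-reply that carries a link) can be checked mechanically at the mail gateway or in a SOC triage script. The following is an added example written for this article, not Sectrio's product code: it parses a constructed four-message thread with Python's standard `email` library and flags both conditions. The domains `acme.example`, `partner.example`, `acme-sharedocs.example` and `files-drop.example`, the message bodies, and the last-two-labels approximation of a registered domain are all assumptions made for the demo.

```python
"""Triage a mail thread for reply-chain phishing signals (example code)."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Matches http(s) URLs in a text body; trailing sentence punctuation is stripped later.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registered_domain(host):
    """Crude eTLD+1 (last two labels). Enough for the demo; a real deployment
    would consult the public suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def link_domains(text):
    """Set of registered domains linked from a message body."""
    domains = set()
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,;:)")).hostname
        if host:
            domains.add(registered_domain(host))
    return domains


def body_text(msg):
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def triage_thread(raw_messages):
    """Walk a thread in delivery order. Flag (a) replies that link to a domain
    no earlier message in the thread used, and (b) auto-replies (out-of-office)
    that carry any link at all. Returns a list of finding dicts."""
    findings = []
    known = set()  # sender and link domains seen so far in this thread
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        sender = parseaddr(str(msg.get("From", "")))[1]
        if "@" in sender:
            known.add(registered_domain(sender.split("@", 1)[1]))
        domains = link_domains(body_text(msg))
        is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
        is_auto = str(msg.get("Auto-Submitted", "no")).strip().lower() != "no"
        new = domains - known
        if is_reply and new:
            findings.append({"message_id": str(msg.get("Message-ID")),
                             "reason": "new-link-domain", "domains": sorted(new)})
        if is_auto and domains:
            findings.append({"message_id": str(msg.get("Message-ID")),
                             "reason": "auto-reply-with-link", "domains": sorted(domains)})
        known |= domains
    return findings


# Constructed sample thread (not real traffic). acme.example is the victim
# tenant and partner.example a supplier; message 3 is sent from Alice's
# compromised mailbox, message 4 is her tampered out-of-office reply.
SAMPLE_THREAD = [
    "From: Alice <alice@acme.example>\nTo: Bob <bob@partner.example>\n"
    "Subject: PO 4471\nMessage-ID: <1@acme.example>\n\n"
    "Hi Bob, the PO is on the portal: https://portal.acme.example/po/4471\n",
    "From: Bob <bob@partner.example>\nTo: Alice <alice@acme.example>\n"
    "Subject: Re: PO 4471\nMessage-ID: <2@partner.example>\n"
    "In-Reply-To: <1@acme.example>\n\n"
    "Thanks, received. Our confirmation: https://www.partner.example/confirm/4471\n",
    "From: Alice <alice@acme.example>\nTo: Bob <bob@partner.example>\n"
    "Subject: Re: PO 4471\nMessage-ID: <3@acme.example>\n"
    "In-Reply-To: <2@partner.example>\n\n"
    "Updated terms here: https://acme-sharedocs.example/login. Please sign today.\n",
    "From: Alice <alice@acme.example>\nTo: Bob <bob@partner.example>\n"
    "Subject: Automatic reply: PO 4471\nMessage-ID: <4@acme.example>\n"
    "In-Reply-To: <2@partner.example>\nAuto-Submitted: auto-replied\n\n"
    "I am out of office. Urgent documents: https://files-drop.example/acme\n",
]

if __name__ == "__main__":
    for finding in triage_thread(SAMPLE_THREAD):
        print(finding)
```

The baseline is built from the thread itself, so the legitimate portal and supplier links are never flagged, while the first reply pointing at `acme-sharedocs.example` is. The check is deliberately a heuristic: it will miss a payload hosted on a domain already used earlier in the thread, which is why it belongs alongside, not instead of, attachment scanning and user verification through a second channel.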
How effective is this type of attack?
Such attacks have a higher chance of success because they ride on legitimate conversations. Attackers often spend more time studying the victim’s correspondence before acting, and from what we have seen these messages are not only more targeted but contain fewer grammatical and other errors that might raise suspicion. Attackers can also create mailbox rules that move incoming replies to an obscure folder, delete them, or forward them to an inbox they control, so the legitimate account owner never sees the conversation and is not alerted to the abuse. Reply-chain phishing is therefore a more advanced form of phishing than a cold message from a spoofed address.
By replying to threads that include distribution lists, an attacker can reach an entire organization and hit multiple victims in a single campaign.
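The mailbox rules mentioned above are one of the most reliable artefacts of a hijacked account, and they can be reviewed in bulk. The following is an added example for this article, not Sectrio's product code: it scores a constructed list of inbox rules for the patterns incident responders look for (mail shunted to rarely-read folders, deletion, forwarding outside the organization, and filters on words such as "invoice" or "hacked"). The rule dictionary shape, the folder and keyword lists, and the domains `acme.example`, `vendor.example` and `mail-relay.example` are assumptions for the demo; adapt the shape to whatever your mail platform exports.

```python
"""Flag mailbox inbox rules typical of a hijacked account (example code)."""

# Folders attackers commonly hide mail in: rarely opened or auto-purged.
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "deleted items",
                  "junk email", "archive", "conversation history"}
# Terms attackers filter on to intercept replies or warnings about the fraud.
WATCH_TERMS = {"invoice", "payment", "wire", "password", "hacked",
               "phish", "phishing", "suspicious", "fraud", "compromised"}


def rule_findings(rule, internal_domains):
    """Return the reasons a single rule looks suspicious (empty list if clean).

    Strong signals (hiding folder, delete, external forward, sensitive terms)
    are enough on their own; weak signals (near-empty name, mark-as-read) are
    only reported alongside a strong one, so ordinary housekeeping rules are
    not flagged. The rule dict shape is an assumption for this example:
    {"name": str, "conditions": {...}, "actions": {...}}."""
    strong, weak = [], []
    name = rule.get("name", "").strip()
    if len(name) <= 2:
        weak.append("near-empty rule name")
    actions = rule.get("actions", {})
    folder = actions.get("moveToFolder", "")
    if folder.strip().lower() in HIDING_FOLDERS:
        strong.append(f"moves mail to hiding folder '{folder}'")
    if actions.get("delete"):
        strong.append("deletes matching mail")
    if actions.get("markAsRead"):
        weak.append("marks matching mail as read")
    for addr in actions.get("forwardTo", []):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain not in internal_domains:
            strong.append(f"forwards to external address {addr}")
    conds = rule.get("conditions", {})
    terms = {t.lower() for t in conds.get("subjectContains", []) + conds.get("bodyContains", [])}
    hit = sorted(terms & WATCH_TERMS)
    if hit:
        strong.append("filters on sensitive terms: " + ", ".join(hit))
    return strong + weak if strong else []


def triage_rules(rules, internal_domains):
    """Return [(rule name, reasons)] for every rule with at least one reason."""
    out = []
    for rule in rules:
        reasons = rule_findings(rule, internal_domains)
        if reasons:
            out.append((rule.get("name", ""), reasons))
    return out


# Constructed sample export (not from a real tenant). Rules 2 and 3 are the
# kind an attacker leaves behind; rules 1 and 4 are ordinary user housekeeping.
INTERNAL_DOMAINS = {"acme.example"}
SAMPLE_RULES = [
    {"name": "Newsletters",
     "conditions": {"fromAddresses": ["news@vendor.example"]},
     "actions": {"moveToFolder": "Newsletters", "markAsRead": True}},
    {"name": ".",
     "conditions": {"subjectContains": ["invoice", "payment"],
                    "bodyContains": ["hacked", "phishing"]},
     "actions": {"moveToFolder": "RSS Subscriptions", "markAsRead": True}},
    {"name": "Sync",
     "conditions": {},
     "actions": {"forwardTo": ["archive@mail-relay.example"]}},
    {"name": "Team",
     "conditions": {"fromAddresses": ["team@acme.example"]},
     "actions": {"moveToFolder": "Projects/Team"}},
]

if __name__ == "__main__":
    for name, reasons in triage_rules(SAMPLE_RULES, INTERNAL_DOMAINS):
        print(f"rule {name!r}: " + "; ".join(reasons))
```

Run this over every mailbox after a suspected credential compromise, not just the one that sent the phish: the same attacker often sets rules on several accounts in one campaign. A rule that matches should be exported for evidence before it is deleted, since its conditions tell you which threads and partners were being intercepted.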
What is the hackers’ likely goal here?
Data, more credentials, and ransom. Because partners and suppliers are often participants in the hijacked threads, attackers can also use such attacks to infect the supply chains or partner networks of the victim organization.
How can companies protect themselves against this reply-chain phishing attack?
The golden rule is no password reuse: every account should have a unique password, and all email accounts should be protected by multi-factor authentication so that a stolen password alone is not enough to log in. Employees should be trained to verify unexpected or suspicious emails from a colleague through another channel, such as a phone call or a message on a different platform, rather than by replying within the same thread. They should also treat any email asking them to open an attachment or follow a link with caution, even when it arrives from a known sender in an ongoing conversation. Finally, because attackers hide their activity with mailbox rules and forwarding, those settings should be reviewed for every account suspected of compromise.
Sectrio is a leading IoT and OT cybersecurity vendor offering solutions, threat intelligence, consulting, and SOC services for various industries. In addition to running the largest threat intelligence gathering facility in the world, our solutions operate with the lowest threat detection latency, which means you can keep hackers at bay faster.