Cyber attackers employ new methods to gain access

Scammers are trying to get victims on the phone to download malware, according to a new report. Email attacks continue to rise and executives are being targeted more often.

Cyber attackers use different strategies to get inside organizations’ systems, but now they are employing a tactic involving a device that’s been around for more than a century: the telephone.

There’s a relatively new trend involving scammers trying to get people to call them, according to a new report released Tuesday from Abnormal Security, a cybersecurity firm. The scammers send an email asking to discuss a problem with an account.

Once making the phone connection, the scammers say they’ll have to download something to resolve the issue. That’s how they are delivering malware, said Crane Hassold, director of threat intelligence for Abnormal Security.

“Actors are essentially pivoting their tactics, adapting their tactics to find new ways to deliver their malware,” Hassold said in an interview with Chief Healthcare Executive.

Related story: Ransomware attacks threaten healthcare systems

The trend started emerging in the early part of 2021 but rose dramatically throughout the year, according to the report. More than half of all organizations were hit by such an attack in the fourth quarter of 2021.

Medical industries and insurance companies had a 45-60% chance of receiving such a scam. Some cybercriminals impersonated companies such as PayPal, Microsoft, Amazon and Best Buy.

It’s a newer tactic that also is “a very work-intensive process,” Hassold noted. It’s interesting because some cybercriminals don’t like engaging in attacks that involve a lot of time and effort, he said.

The network defenses at many companies are blocking many forms of malware, so they are changing strategies, he said.

“It’s a lot more work in order to do this,” he said. “At the end of the day, they still want to deploy that malware.”

Attacks are rising

Cyberattacks have been plaguing healthcare systems for years. Hundreds of attacks at healthcare systems involving at least 500 victims were reported to the federal government, and analysts have said they expect to see more cyber attacks aimed at healthcare this year. Analysts expect the number of cyberattacks affecting healthcare systems to rise in 2022.

Email attacks continued to rise, increasing by 10% in the second half of 2021, according to Abnormal Security.

Healthcare systems are also seeing a rise in “business compromise emails,” a trend that’s been around for years but is becoming more problematic and expensive.

In these attacks, cyber criminals craft email messages that appear to come from a legitimate source, such as a fellow employee or manager within the company. While business email compromise efforts are not the most common cyber crimes, they rose sharply, increasing 84% in the second half of 2021.

They are also costly. Business email compromise cost $1.86 billion in 2020, the most recent year statistics are available. That represents a 44% increase since 2018. Hassold said he expects the cost to rise above $2 billion shortly.

“As much as we hear about ransomware in the news, (business email compromise) from a financial impact perspective dwarfs every other cybercrime out there,” he said.

Medical industries have a 68.9% chance of receiving a business email compromise attack each week, according to the report.

Companies with less than 5,000 workers are more likely to see those attacks (about 1.59 attacks per 1,000 mailboxes). But larger companies are the most likely to see business email compromise attacks. Companies with 50,000 employees or more have a 95% chance of getting hit with such an event.

Going after vendors

Some attacks involve a company’s vendors, and they can be difficult to detect, Hassold said.

Instead of a cyber criminal trying to impersonate a fellow employee, they’ll attempt to appear as a company vendor and claim they are owed a payment. In some cases, these criminals gain access to a vendor’s email account amd will monitor communications between the company and the vendor for some time. This helps when it’s time to make their email pitch for money.

“They’re much more realistic,” Hassold said. “They use a lot of context they’ve collected to construct a very realistic email.”

Because criminals are doing some homework in attacks involving vendors, they don’t have some of the red flags that may indicate a scam, such as poor spelling and grammar that can be red flags.

Executives targeted

The report offered some good and bad news for executives.

On the upside, attempts at impersonating top-level executives appear to be declining, according to the report. There was a 33% drop in executive impersonations from the first quarter of 2021 to the fourth quarter.

However, more cyber attacks were targeted at executives. Attacks aimed at executives rose 24% from the first through fourth quarters of the year.

It’s easy to see why attackers would go after company executives, Hassold said.

“They are the gatekeepers to information and money,” he said. “So that’s probably why we’re seeing an increase in being targeted by these attacks.”