This blog post was originally published at www.keepnetlabs.com.
As cyber threats evolve, companies around the world are adding security solutions to combat them. Whaling is one of the attack vectors that has grown over the last couple of years; it targets top-level executives such as senior executives at a corporation. Whaling attacks have risen sharply and are expected to keep rising: according to the FBI, these attacks resulted in losses of more than $12.5 billion during 2018.[1]
1. What is a Whaling Attack?
A whaling attack is a kind of spear-phishing attack in which the attacker targets a high-level executive, such as a C-level employee like a Chief Executive Officer (CEO) or Chief Financial Officer (CFO), and attempts to manipulate them using social engineering techniques. The goal of whaling can range from high-value money transfers to trade secrets. Because the target is a high-profile employee, the term "whaling" denotes the high value of the target.
2. How does Whaling work?
As mentioned, the attack is called whaling because the targets are bigger. This is what separates it from spear-phishing, which may target any individual, whereas a whaling attack focuses on one specific high-level executive.
Cybercriminals use whaling attacks to impersonate senior management in a business or organisation, such as the CEO, CFO or other executives, in an attempt to gain access to sensitive data or money. They use information gathered from social media, IOC feeds or other internet sources to deceive employees into handing over more data, especially financial or personal data.
In whaling attacks, the attacker uses the power and authority of the "whale" (a senior executive) to persuade people not to look at the details of, or question, a fraudulent demand. Once employees simply follow directions and do not look carefully at the sender's email address or at a fake website, the attacker succeeds. Therefore, as with other social engineering attacks, technical security solutions alone mostly fail to protect organisations against them.
2.1. Whaling attacks in numbers: are today's security solutions enough?
According to the FBI report, companies lost more than $12.5 billion during 2018. Moreover, according to Vanson Bourne's study, "the targets were picked very strategically in relation to their position in the company": 27% of respondents said their CEO had been targeted and 17% reported attacks on their CFO, which suggests that executives are becoming favoured targets for cybercriminals.[2]
3. Why are whaling attacks on the rise?
Whaling attacks are very real and growing all the time. Attackers use this method because it is more effective and productive. For instance, toy giant Mattel fell victim to a whaling attack after a top finance executive received an email requesting a money transfer from a fraudster impersonating the new CEO. The company almost lost $3 million as a result.[3]
Whaling emails are more difficult to identify because many of these attacks do not include a URL or malicious attachment; they rely exclusively on social engineering to deceive their targets and therefore bypass most security solutions. As a result, many executives have fallen victim to this specific attack vector. For instance, the US-based cryptocurrency processor BitPay was attacked when fraudsters successfully impersonated the company's CFO, telling BitPay's CEO to pay 5000 bitcoins, roughly £1,500,000, into a fake account.[4]
4. Phishing and whaling
Both phishing and whaling attacks are designed to deceive targets into giving out sensitive information. An email asking an officer to check a bank account may seem genuine, yet it can actually be a scam to extract money from the target organisation. Given this rising threat, many organisations need proactive security solutions to protect against such scams.
Conventional phishing attacks often simply demand money from the target; the attacker collects it and disappears. A spear-phishing attack is somewhat different: the attacker chooses a specific victim, learns details about that person and tailors the attack accordingly. Using spear-phishing, an attacker might target a person in the IT department of an important organisation, learn that person's weaknesses, attitudes, reactions, likes and dislikes, and use that knowledge to gain their confidence. The attacker might then use social engineering against the victim, who might grant access to sensitive data or even hand over money.
A whaling attack, however, targets a high-level executive, usually a C-level employee of an organisation. Attackers use whaling to obtain large money transfers or trade secrets.[5]
5. Security solutions to prevent whaling attacks
5.1. Train your employees
Your security programme must include training for all of senior management. Also train all of your employees to recognise phishing and whaling attacks.
5.2. Create a social media usage policy for executives
Social networking websites like Facebook, Twitter, Instagram and YouTube can expose a lot of information useful for social engineering attacks. An attacker might discover an executive's evening plans on social media and then use that information to appear trustworthy. A social media usage policy for your executives, such as not sharing personal or corporate dinner plans and making their social media accounts private, will help limit an attacker's ability to build that false trust.
5.3. Flagging emails from outside the company
Security solutions should also flag external emails to warn users of possible fraud, because whaling attacks usually rely on impersonating someone inside the organisation while the message actually originates outside it; attackers very rarely send from within the same organisation. A visible external-sender flag raises awareness of a whaling attempt.
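To make the external-flagging control concrete, the following is an added example written for this article; it is not code from Keepnet Labs or from any mail gateway. It parses a raw message, tags senders whose domain is not in the company's own domain set, and adds two checks a gateway typically layers on top of the plain external flag: a display name that matches an internal executive while the address is external, a look-alike sender domain, and a Reply-To that points somewhere other than the From domain. The corporate domain example.com, the executive directory and the three sample messages are all constructed for the demo.

```python
"""Added example (not Keepnet Labs code): external-sender tagging plus
executive display-name and look-alike-domain checks for inbound mail.

Assumptions (constructed for the demo): the corporate domain is
example.com and the executive directory below is hypothetical.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}                     # assumed corporate domain
EXECUTIVES = {"jane doe": "CEO", "john smith": "CFO"}  # constructed directory
EXTERNAL_TAG = "[EXTERNAL]"


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address; '' if there is no '@'."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (used to spot look-alike domains)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_message(raw: str) -> list[str]:
    """Return warning tags for one raw RFC 5322 message; an empty list means no finding."""
    msg = Parser(policy=policy.default).parsestr(raw)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    warnings: list[str] = []

    if from_domain not in INTERNAL_DOMAINS:
        warnings.append("EXTERNAL_SENDER")
        # An external address carrying an internal executive's display name is the
        # classic whaling pattern: the name is what the recipient reads first.
        role = EXECUTIVES.get(name.strip().lower())
        if role:
            warnings.append(f"EXEC_NAME_EXTERNAL_DOMAIN:{role}")
        # A domain one or two characters away from ours (examp1e.com) is a look-alike.
        for internal in sorted(INTERNAL_DOMAINS):
            if 0 < edit_distance(from_domain, internal) <= 2:
                warnings.append(f"LOOKALIKE_DOMAIN:{internal}")

    # Replies silently routed to a third domain are another common fraud signal.
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(parseaddr(str(reply_to))[1]) != from_domain:
        warnings.append("REPLY_TO_MISMATCH")
    return warnings


def tag_subject(raw: str) -> str:
    """Subject line as the gateway would deliver it: [EXTERNAL] prefix for outside senders."""
    msg = Parser(policy=policy.default).parsestr(raw)
    subject = str(msg.get("Subject", ""))
    if "EXTERNAL_SENDER" in analyse_message(raw) and not subject.startswith(EXTERNAL_TAG):
        return f"{EXTERNAL_TAG} {subject}"
    return subject


# Constructed sample messages (not real traffic).
SAMPLE_INTERNAL = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: accounts@example.com\n"
    "Subject: Q3 budget review\n\n"
    "Please send me the Q3 figures.\n"
)
SAMPLE_LOOKALIKE = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: jane.doe@mail-relay.test\n"
    "To: cfo@example.com\n"
    "Subject: Urgent wire transfer\n\n"
    "I need this paid before the board call. Keep it confidential.\n"
)
SAMPLE_VENDOR = (
    "From: Vendor Billing <billing@vendor-billing.test>\n"
    "To: accounts@example.com\n"
    "Subject: Invoice 4471\n\n"
    "Attached is this month's invoice.\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_INTERNAL, SAMPLE_LOOKALIKE, SAMPLE_VENDOR):
        print(tag_subject(sample), "->", analyse_message(sample))
```

Run as a script, the look-alike message is delivered with an "[EXTERNAL]" subject and carries four tags (external sender, executive name on an external domain, look-alike domain, Reply-To mismatch), while the genuine internal message gets none. The display-name check is deliberately a heuristic: it raises the flag that prompts a human to verify the request, and should sit alongside authentication checks such as SPF, DKIM and DMARC rather than replace them.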
5.4. Practice and enforce good email habits
Your employees should not click suspicious URLs or open suspicious attachments. Any email the employee did not specifically request, and any email that demands immediate and drastic action, should be verified before acting on it.
5.5. Use incident response security solutions
Whaling attacks target executives for much bigger rewards, which motivates attackers to put more effort into them. Since anyone can be exposed to this kind of social engineering attack, it is wise to use incident response security solutions that detect, analyse and contain a threat within minutes to mitigate the damage.