Posted on March 17, 2022 at 8:50 PM
Conversation Hijacking Soars 270% As More Hackers Cash Out
Recent data from Barracuda Networks has revealed that there has been a steady rise in conversation hijacking attacks. The researchers warn that the type of attack, which is typically a precursor to business email compromise (BEC), has grown by 270% over the past year.
The phishing attack hijacks legitimate conversations between users to deliver malware, steal money, and carry out other forms of attack.
Phishing attacks have long been a serious cybersecurity issue for organizations. In many of these attacks, threat actors send out a series of emails to deceive victims into downloading malware or clicking on malicious links. In some cases, cybercriminals try to trick users into exposing their passwords through fake login pages.
These attacks range from generic and basic to sophisticated. Some attract the user’s attention by claiming they have won a prize and need to click a link to claim it. Others are more complex, with targeted campaigns built around corporate email and designed to look legitimate enough to deceive the intended target. For example, some phishing attacks involve the attacker sending emails while posing as the company’s Chief Executive Officer to trick an employee into following orders from their boss.
Threat Actors Now Take A Different Approach
Threat actors are becoming more sophisticated every day. They are increasingly looking to compromise the email accounts of real users, snoop on their conversations, and then send phishing emails from those accounts.
These attacks can be very effective because the source of the email is known to the target. The attacker steps into an ongoing conversation, and the target may not realize they are now conversing with an attacker. This means the target has little reason to suspect phishing when the familiar “sender” asks them to download a file or click a link.
Conversation hijacking attacks begin with the attackers compromising the email accounts of their victims. Once they control the hijacked account, they can use it to lure other victims, according to the researchers at Barracuda Networks.
Once the attackers have taken control of an account, they take their time to read the messages and monitor their ongoing communications to get a reasonable understanding of the day-to-day use of the account before they launch their campaign.
They try to understand how the user communicates with both internal and external contacts. They also seek to learn more about the user’s employer and whether there are deals in progress that require the transfer of funds. With this information, cybercriminals can craft authentic-looking and very convincing messages to deceive their targets. In addition, they attach malware-laden files or malicious links to the messages they send to their intended victims, who are drawn from the contact list of the hijacked account.
Attackers Are Lured By The High Level Of Reward
These attacks require more time and effort to execute than a typical BEC attack. Many threat actors have mastered the art of remaining patient and striking when the payoff will be greatest.
Mike Flouton, Vice President of product management at Barracuda Networks, stated that conversation hijacking, when it’s done “right”, can lead to a massive payout for the cybercriminals. The higher reward in this phishing method has lured many threat actors.
The number of criminals involved in conversation hijacking is also growing because the attacks are very difficult to detect.
Although this type of attack represents only a small portion of all social engineering attacks (about 0.3%), its high success rate means more attackers will likely join in the future.
Users Can Protect Themselves
Just like other phishing attacks, the researchers have stated that users can protect themselves from conversation hijacking attacks.
Users are advised to use strong passwords so that attackers cannot easily gain entry by cracking them. Additionally, multi-factor authentication adds an extra layer of security that can protect users even if the attackers somehow obtain the password.
Organizations should also deploy account-takeover protection to monitor networks and inboxes for suspicious activity, and should have procedures for responding to a successful attack to limit its impact across the network. Other protective measures, such as cybersecurity training for staff, help protect employees from exploitation.
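The account-takeover monitoring recommended above can be made concrete with a small detector. The example below is added here and is not Barracuda’s product logic or code from the article; the event format, the sample events (a baseline of normal use followed by a takeover) and the three indicators it looks for (a sign-in from a country the account has never used, an inbox rule that hides or diverts mail, and a link-bearing reply into an existing thread shortly after that sign-in) are assumptions chosen to mirror the attack sequence the article describes.

```python
"""Toy account-takeover / conversation-hijacking detector.

Added example, not from the article or any vendor. The event schema and
the sample events below are constructed for illustration only.
"""
from datetime import datetime, timedelta

# Constructed sample mailbox audit events (simplified, vendor-neutral).
# First three: normal use. Last three: a takeover following the pattern
# described in the article: new sign-in, hide the thread, reply with a link.
EVENTS = [
    {"ts": "2022-03-01T09:02:00", "user": "alice@example.com", "type": "login",
     "ip": "203.0.113.10", "country": "US"},
    {"ts": "2022-03-01T09:05:00", "user": "alice@example.com", "type": "send",
     "to": "bob@partner.example", "thread": "T1", "links": []},
    {"ts": "2022-03-02T09:01:00", "user": "alice@example.com", "type": "login",
     "ip": "203.0.113.10", "country": "US"},
    {"ts": "2022-03-10T02:10:00", "user": "alice@example.com", "type": "login",
     "ip": "198.51.100.7", "country": "NG"},
    {"ts": "2022-03-10T02:12:00", "user": "alice@example.com", "type": "inbox_rule",
     "action": "delete", "match": "subject:invoice"},
    {"ts": "2022-03-10T02:30:00", "user": "alice@example.com", "type": "send",
     "to": "bob@partner.example", "thread": "T1",
     "links": ["http://198.51.100.7/invoice.zip"]},
]

# Rule actions an attacker typically uses to keep the real owner from
# noticing the hijacked thread (assumed set; tune to your environment).
RISKY_RULE_ACTIONS = {"delete", "forward", "move_to_folder"}


def parse_ts(value):
    """ISO-8601 timestamp string -> datetime."""
    return datetime.fromisoformat(value)


def detect(events, window=timedelta(hours=24)):
    """Replay events in time order and return a list of
    (timestamp, user, alert_type, detail) tuples.

    Alerts:
      new_location           login from a country this account never used
      suspicious_inbox_rule  rule that deletes, forwards or files mail away
      hijacked_thread_reply  link-bearing message into a thread the account
                             already participated in, within `window` of a
                             new_location login
    """
    alerts = []
    seen_countries = {}     # user -> countries observed on earlier logins
    threads_seen = {}       # user -> thread ids the user has sent in before
    last_new_location = {}  # user -> time of latest login from a new country

    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user, kind = parse_ts(ev["ts"]), ev["user"], ev["type"]

        if kind == "login":
            known = seen_countries.setdefault(user, set())
            # Only alert once a baseline exists; the very first login just seeds it.
            if known and ev["country"] not in known:
                last_new_location[user] = ts
                alerts.append((ts, user, "new_location",
                               f'{ev["ip"]} ({ev["country"]})'))
            known.add(ev["country"])

        elif kind == "inbox_rule":
            if ev["action"] in RISKY_RULE_ACTIONS:
                alerts.append((ts, user, "suspicious_inbox_rule",
                               f'{ev["action"]} {ev["match"]}'))

        elif kind == "send":
            threads = threads_seen.setdefault(user, set())
            recent = last_new_location.get(user)
            if (ev["thread"] in threads and ev["links"]
                    and recent is not None and ts - recent <= window):
                alerts.append((ts, user, "hijacked_thread_reply",
                               f'{ev["to"]} {ev["links"]}'))
            threads.add(ev["thread"])

    return alerts


if __name__ == "__main__":
    for ts, user, kind, detail in detect(EVENTS):
        print(f"{ts.isoformat()} {user} {kind}: {detail}")
```

Run on the constructed events, the first three produce nothing, while the takeover sequence yields a new_location alert, a suspicious_inbox_rule alert and a hijacked_thread_reply alert, all for the same account within twenty minutes. In practice the three indicators together are the useful signal: any one of them alone (a travelling user, a legitimate filing rule, a normal reply with a link) is common, but a new sign-in followed by a hiding rule and then an outbound link into an existing external thread is the shape of the attack the article describes and is worth an immediate session revocation and password reset.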