Targeted attacks at CEOs

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Apr 15, 2008 4:19 am

Targeted attacks at CEOs

Guys,

ISC has a story about a new 'click-the-link' email scam with a twist. It appears to be targeted at company CEOs, claiming they have been issued a subpoena to give evidence in court. (Story here)

These sorts of attacks appear to be gaining in popularity. From my experience this could be a scary trend as CEOs (and other director type roles) are often the least technically savvy in an organisation, along with often the worst security and patch level. I can't help thinking these targets are going to be successful, and likely becoming less of a rarity.

<Update>
Forgot to mention, as is often the case, AV coverage is poor: 3/32 on VirusTotal
</update>

Who fancies interrupting a round of golf to ask the top man not to click the pretty links?  (me neither...)
Last edited by RoleReversal on Tue Apr 15, 2008 4:21 am, edited 1 time in total.

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Tue Apr 15, 2008 9:05 am

Re: Targeted attacks at CEOs

We added this style of attack to our risk briefings for CISOs about 6 months ago.  This is a version of the spear phishing attempts that have been gaining momentum, but the subpoena line is a new one to me.  Good post.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Tue Apr 15, 2008 9:54 am

Re: Targeted attacks at CEOs

Thanks for the heads up.
Mike Conway
CISSP
CompTia Security +
C|EH

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Apr 15, 2008 7:13 pm

Re: Targeted attacks at CEOs

Several years ago there was marketing research done by a direct mail company to determine which mail people were most likely to open first. The number one winner was a notice from the IRS that might look like an audit and the second place winner was mail from an attorney's office that might look like a lawsuit. I can testify to the accuracy of this research when I have done social engineering. One time I actually sent an email so obviously a hoax just to prove a point from a law firm I called Dewey, Cheatum and Howe and it still worked, LOL! The officer of the company was rather embarrassed later on when I brought it to his attention.

sgt_mjc

Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu Apr 17, 2008 9:33 am

Re: Targeted attacks at CEOs

Kev,

You truly are the lowest form of life on Earth. lol  I'll bet he felt like a horse's @$$ afterwards. Great use of social engineering and it goes to prove where the weakest link in any security is, the end user.
Mike Conway
CISSP
CompTia Security +
C|EH
