2015 FACC Whaling Attack
In late 2015 FACC, an. aerospace company specialising in aircraft components and systems, lost $47 million after a successful ‘whaling’ attack. In this case, the hackers impersonated the CEO of FACC to get an employee to send money.
Cyber criminals posed as FACC CEO Walter Stephen, sending an email to another employee requesting the transfer of funds for an ‘acquisition project’. The phishing attack was successful as the hackers managed to replicate Stephen’s writing style, lending legitimacy to the message so the unsuspecting employee would comply.
The attack was made public in early 2016, when FACC admitted the monetary loss and announced the immediate departure of the CEO. The employee who transferred the funds was also fired, along with the CFO of the company.
FACC managed to block around 10.9 million euros ($11.2 million) from being transferred, but the majority of the funds were sent to the fraudsters. This contributed to FACC recording losses of 23.4 million euros ($24 million) for the 2015/16 financial year.
2014 Sony Pictures Phishing Attack
The infamous 2014 Sony cyber attack saw up to 100 terabytes of data leaked from the entertainment giant, as well as extensive damage to servers and operational capacity.
While malware was used to exfiltrate the data and wipe Sony’s servers, initial access was granted through phishing emails sent to Sony executives. These emails asked for account verification, linking them to malicious sites that, when they entered their details, sent the executives’ usernames and passwords to the hackers.
The hacking group, called ‘The Guardians of Peace’ or ‘Lazarus’, were then able to access and steal information relating to employees, data on then-unreleased films and private correspondence.
The hackers claimed to have stolen 100 terabytes of data, but this has never been verified – around 40 gigabytes appeared online after the attack. The attack caused major damage to Sony’s internal systems. In the first quarter of 2015, the company set aside $15 million to deal with ongoing issues relating to the attack. In total, the attack cost Sony an estimated $100 million to resolve.
2021 Colonial Pipeline attack
The 2021 Colonial Pipeline attack was a massive cyber attack that temporarily shut down gasoline distribution across the east coast of the USA. This prompted a state of emergency to be declared in 18 states to avoid crippling shortages.
While most of the damage was caused by a ransomware attack that locked systems, the hackers gained entry to the network through a compromised password. The hackers were likely able to get this password through phishing or social engineering.
According to Colonial Pipeline Chief Executive Joseph Blount, the legacy account linked to this password did not have multifactor authentication in place, meaning there was no second step in place to ensure the person entering the password was authorised.
As such, Colonial Pipeline was forced to pay around $4.4 million to the hackers to regain control of their systems.
What is phishing?
Phishing is the most common form of cyber crime. Phishing attacks are usually emails, where the cyber criminal poses as an organisation or charity to elicit a second action, such as clicking on malicious email attachments or following a link to a spoof website.
Phishing attacks are often the entry point for cyber criminals to launch more serious security breaches. As such, it is crucial that individuals and employees learn to spot a phishing email to avoid potential security incidents.
Is phishing the most common cyber attack?
Yes, phishing is the most common form of cyber crime. An estimated 3.4 billion phishing emails are sent every day.
What is spear phishing?
Spear phishing emails are a targeted form of phishing. Cyber criminals already have some information about the target, such as their name, place of employment or job title. This allows the criminal to create more authentic-sounding messages to trick the target.
What type of phishing attack targets specific users?
‘Spear phishing’ is a type of phishing attack that targets specific users.
What type of phishing attack targets groups?
Most types of phishing will target groups of people, using email addresses or telephone numbers taken from breached databases.
What are the types of phishing attacks?
Email phishing: The most common type of phishing attack. Cyber criminals impersonate companies or charities in an email, directing potential victims to click a link and enter personal information or pay for something. Any data entered can be seen by the cyber criminals, including passwords.
Spear phishing: A targeted form of email phishing, where personal information is used to craft more genuine-sounding messages.
Whaling: A form of spear phishing, whaling is where cyber criminals target senior executives and high-ranking managers. These messages convey a sense of urgency, usually to transfer funds quickly.
Smishing: Cyber criminals send text messages posing as a company or charity. These messages work much the same way as email phishing.
Vishing: Cyber criminals call their targets and attempt to get them to give information, such as account credentials or credit card details, over the phone.
Angler phishing: Cyber criminals use social media to get information, to get targets to visit a fake website or download malware.
How many phishing emails are sent daily?
3.4 billion.
While it would be impossible to get a definitive answer, it’s estimated that 3.4 billion phishing emails are sent globally every day.
How common are phishing attacks?
Over half of the victims of cyber crime globally were victims of phishing scams in 2021.
Phishing is the most common form of cyber crime. More than half of those affected by cyber crime fall victim to phishing. For businesses, this number is even higher; 83% of UK businesses that suffered a cyber attack in 2022 said they were the victim of phishing.
What is the difference between phishing and blagging?
Blagging: Blagging messages are targeted attacks where the hacker makes up a story to try and get money or information out of the target. For instance, the target may receive an email from a ‘friend’, who needs money.
Phishing: Phishing messages are more general, usually sent in the form of malicious emails to addresses gained from a breached database. The hacker will pose as a business or charity, but the end result is the same as blagging; the hacker attempts to get the target to send money or enter information on phishing sites.
Why is phishing still successful?
In general, cyber attacks are becoming more dangerous as criminals develop more sophisticated methods of breaching defences. This is why phishing is still successful and dangerous.
New types of phishing attacks can be rented to criminals on a subscription basis, such as ‘EvilProxy’. EvilProxy can bypass multi-factor authentication, heightening the risk of data breaches even with robust security systems in place.
Sources
Google, Surfshark, UK government, ISTR, Cofense, Mimecast, LinkedIn, Bulletproof, Check Point, IBM, Kaspersky, AtlasVPN, NCSC, IT Governance, Reuters, Wired, Office for National Statistics, IC3, Statista, Canadian Anti-Fraud Centre, Statistics Canada, Valimail, Verizon, F5 Labs, Law Society, Tessian, Webroot