【Press Release】Business Email Compromise Attacks Remain High in Hong Kong DHL Becomes the Most Impersonated Brand
(Hong Hong, 2 November 2021) Green Radar (Hong Kong) Limited (“Green Radar” or “Company”) released the Green Radar Email Threat Index (“GRETI” or “Index”)for the third quarter of 2021. The Index score showed an increase to 64.6 in Q3, comparing with 63 in Q2, indicating that the email security risk faced by enterprises remained at a high level with a moderate rise. The report showed the most common threats to email comprise phishing and business email compromise (BEC) attacks, of which the risks remain at high level. It is noteworthy that BEC has been on an upward trend apparently in the third quarter. The report also revealed a new pattern of phishing email which bypasses detection by embedding phishing links in email attachments. On the other hand, it has become more difficult to identify fraudulent websites as SSL certificates and reCAPTCHA are increasingly adopted to deceive users.
Phishing emails with SSL certificates and reCAPTCHA to make people take it as it is
Phishing continued to be the most common attack, according to the GRETI report for the third quarter of 2021, which also revealed that phishing activities and malware attacks have continued to surge. In the top ten malware family, exploit.msoffice.CVE-2018-0802 jumped from the sixth place to third, indicating the malware was favored by hackers which the public should be aware of. In addition, it has become more difficult to identify phishing attacks. Green Radar Security Operations Center (SOC) intercepted that more than 70% of phishing email cases came with both SSL certificates and reCAPTCHA to deceive users that it is a legitimate website. An SSL certificate is a third-party verification of the legitimacy of a website, and is commonly used by legitimate websites as general authentication; while reCAPTCHA is also a tool adopted by most well-secured websites to prevent cyberattacks from robots. GRETI believes that the such phishing tactics will become more common.
GRETI analyzed phishing fraud cases and found that cybercriminals used neglected ways to attack, such as embedding phishing links in email attachments to make offline phishing attacks, instead of directly putting the link in the email in order to bypass detection. Recently, a customer of a power company in Hong Kong received a refund email and the customer was redirected to a counterfeit login page. It is believed that the fraudsters used the refund as an inducement to steal the user’s personal and credit card information for profit.
(A fake email case intercepted by Green Radar SOC – victim was redirected to a counterfeit login page via link in phishing email)
DHL as the most impersonated brand
The consequence of a BEC attack should not be underestimated. According to the data from Green Radar SOC, the three most frequently impersonated brands identified are DHL, Microsoft, and LinkedIn. The rank of DHL bumped up from second place to the first. Cybercriminals target consumers by impersonating well-known brands, and initiate new phishing attacks every 11.3 seconds on average. Impersonating big-name brands can increase hackers’ credibility, and companies such as SF Express and Microsoft remain popular targets. Criminals may cause financial loss to their victims with “perfect portrayal” emails, such as claiming that there are issues with delivery by posing as SF Express to obtain credit card data with the intention of money extortion.
Mr. Kenneth Ma, Senior Vice President of Sales at Green Radar commented, “The GRETI Q3 report reflected that the threat of email attacks continues to grow and phishing tactics have evolved. In order to prevent enterprises from becoming victims, it is critical to provide cybersecurity awareness training to employees, while putting holistic and effective adoption of email detection engine in place. Proactive measures are the best preventive actions.”
For full report of the “Green Radar Email Threat Index 2021 Q3, it can be downloaded from: https://www.greenradar.com/email-threat-index/
Green Radar 公佈2021年第三季電郵威脅指數
(香港，2021年11月2日）劍達（香港）有限公司（「Green Radar」或「公司」）發表2021 年第三季度的電郵威脅指數 Green Radar Email Threat Index（「GRETI」或「指數」）。第三季指數顯示為 64.6分（上季為63分），反映企業面臨的電郵威脅風險維持於高水平而且有所增加。根據分析，第三季最常見的電郵威脅包括網絡釣魚和商業電郵詐騙攻擊，風險級別水平為「高」，其中商業電郵詐騙攻擊在今季上升趨勢持續，情況不容忽視。報告又發現，黑客多將釣魚鏈接嵌入電郵附件內以嘗試繞過偵測；而假網站愈見難以識別，已普遍利用 SSL 證書和 reCAPTCHA以騙取信任，部分攻擊更特別針對本港企業。
釣魚郵件包含SSL 證書和 reCAPTCHA提升可信度
根據今季GRETI 報告，網絡釣魚繼續成爲最常見的攻擊手法。第三季中，網絡釣魚活動和惡意軟件的攻擊情況持續上升。十大惡意軟件家族排行榜中的exploit.msoffice.CVE-2018-0802從第六位躍升為第三位，表示該軟件更受黑客青睞，需要多加留意。此外，網絡釣魚攻擊變得更難識別，網絡釣魚郵件現在使用 SSL 證書和 reCAPTCHA來讓用戶相信它是一個正當的網站，在本地安全監控中心（ SOC）取得的相關例子中超過70% 完全包含這兩個功能。SSL證書是對網站合法性的一種第三方驗證，絕大部份正當網站均會採用這種通用認證。而reCAPTCHA 亦是大多數完善網站用以防止機器人執行的網絡攻擊的工具。GRETI相信此類釣魚手法將越來越普遍。
其次，商業電郵詐騙攻擊的威力亦不容小覷。根據Green Radar SOC的統計，最常被冒充的前三大品牌包括：DHL 、微軟和LinkedIn，當中DHL由第二位上升至第一位。犯罪分子透過騎劫知名品牌，瞄准特定消費者，平均以每11.3秒一次新的網絡釣魚攻擊來針對其消費者。由於冒充知名品牌可增加其可信度，順豐、微軟等公司仍然成爲攻擊目標。犯罪分子為令受害者造成經濟損失，他們會製作逼真的電郵，例如冒充順豐訛稱快件派送問題，以索取用戶信用卡資料意圖詐取金錢。DHL於第三季成為最常被假冒的品牌，除了相關網絡釣魚郵件攻擊有所增加外，電郵内容甚至假網站的仿真度也愈來愈高。
Green Radar 高級銷售副總裁馬偉雄先生表示：「GRETI第三季的分析報告顯示電郵攻擊威脅不斷增加，持續處於高風險水平，加上網絡釣魚攻擊手法不斷推陳出新，要避免企業成爲下一個受害者，定期培訓員工以提高其網絡安全意識，配合全面和有效的電郵檢測引擎，採取積極的防護措施才是明智之舉。」