InfoSec Insider

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox

Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise.

As we have seen throughout the COVID-19 pandemic, cybercriminals are flourishing in these times of upheaval, due to their ability to quickly adapt their tactics to capitalize on uncertainty. As major disruptions to the global supply chain continue, and shipping delays are expected, threat actors are setting their sights on impersonating the shipping industry to exploit unsuspecting companies and employees.


With shipping delays and supply shortages expected to continue well into 2022, it’s a good bet that these lures will continue to land in corporate inboxes. The good news is that businesses can take steps to mitigate some of their risks if they understand the key signs and best practices for protecting against this kind of attack.

Understanding Spoofing

Although there has been an uptick in supply-chain spoofing attacks, the act of spoofing itself is nothing new. During a spoofing attack, cybercriminals conceal their identities to make it seem as if the method of communication (email, text or phone call) is coming from a legitimate, trustworthy sender.

There are several varieties of spoofing attacks, but their most common trait is that the attackers pretend to be an individual or company they aren’t. Bad actors use this method to build trust and lure recipients into clicking on malicious links that are used to collect personal information or install malware.

How Spoofing is Evolving

In the past, spoofing and impersonation efforts have typically followed a couple of easy-to-spot patterns that make cybercriminals’ efforts fairly noticeable, if organizations know what to watch for. For one, these outreach efforts often have spelling and grammatical errors and unusual phrasing. Since the communication is supposed to be coming from a reputable company, this is an immediate red flag. Similarly, follow-on phishing pages were once easily discernable as fake, either because of a bad URL, outdated graphics or poor design.

However, threat actors have vastly improved over the years, and many of today’s attacks are very well crafted and show few of these “obvious” flaws.

For instance, recently the Zix Threat Research team uncovered a spoofing attack where the threat actors posed as one of the largest container-shipping lines in the world. The email encouraged the recipient to download a shipping document confirmation by clicking on a malicious link. If the user complied, they would be directed to a very convincing phishing page that cycled through different realistic-looking company backgrounds, with a sign-in screen overlay meant to steal the user’s email credentials.

Another continuing trend involves generating a feeling of pressure and urgency to keep recipients from giving the message too much thought before responding or following the link. Of late, this tactic has become more convincing and subtle, such as stating that individuals will lose access to a valuable account if they do not respond immediately.

A Holistic Approach to Building a Defense

Amidst more sophisticated spoofing attempts, companies should seek to implement a series of best practices — especially required education programs, DMARC and an effective email threat protection solution.

Security-awareness training is an effective internal process to implement because it teaches employees how to spot email attacks. Having a better understanding of when they shouldn’t click on a link or download an attachment will go a long way in protecting employees.

Building awareness is a great start, but organizations shouldn’t stop there. They also need to adopt effective DMARC policies. DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mail with counterfeit addresses. It does so by authenticating the sender’s identity before allowing the message to reach its intended destination, and by verifying that the purported domain of the sender has not been impersonated.

Another tool is an email threat-protection system, preferably one that’s dynamic and continuous in its analysis. Incoming emails can be scanned for signs of malware, predictive phishing patterns, patterns from previously identified campaigns and other suspicious indicators.

Although spoofing attacks are continuing to evolve, the burden on organizations can be lessened by implementing the right training and adopting the most effective technology solutions to keep email, employees and the company as a whole protected.

Shipping and logistics companies are dealing with a lot of uncertainty right now, and so are their customers. The strength of companies’ cybersecurity posture doesn’t need to be another question mark.

Troy Gill is senior manager of threat intelligence at Zix (an OpenText Company).
