North Korean spear-phishing campaign attacks U.S. firms

Posted Oct 1, 2019 by Tim Sandle
Several U.S. businesses have been targeted by a campaign that seemingly originates from North Korea and uses the tactic of spear-phishing. The cyber-assault is sophisticated, using legitimate documents as the targets. Alexander García-Tobar explains more.
North Korea's leader Kim Jong Un and US President Donald Trump, pictured at the start of their historic US-North Korea summit, are preparing for a second meeting
Prevailion researchers have discovered an ongoing spear-phishing campaign termed “Autumn Aperture”, which targets U.S. firms. The campaign is potentially connected to the North Korean Kimsuky threat actors, and it consists of sending victims trojanized documents via email. Furthermore, the hackers utilize little-used file formats, which makes the documents difficult for conventional antivirus products to detect.
Spear-phishing refers to the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
To understand the implications of such an attack and what companies can do to better protect themselves, Digital Journal caught up with Alexander García-Tobar, CEO and co-founder of Valimail.
According to Alexander García-Tobar, this new incident is a sign of how external cyberattacks are changing: “The Autumn Aperture attack is a prime example of how sophisticated and convincing cybercrime tactics have become.” He calls out phishing attacks as key examples of this level of sophistication.
As to how the attacks happen, the analyst explains how “hackers are impersonating senders that are known to the targets, hiding malware in legitimate-looking documents, and sending spoofed emails that their victims may even be expecting.”
García-Tobar also notes how common spear-phishing is becoming as an attack method: “Spear phishing plays a role in at least 90 percent of all cyberattacks, and it is highly effective. To stop attacks like this, the first essential step is to prevent malicious e-mails from ever entering inboxes.”
This can happen because of some inherent weaknesses in conventionally configured email, according to García-Tobar: “Most email defenses will focus on the content of the messages and the links they contain, but given the rapidly evolving attack techniques and use of obscure file formats in attacks like these, content-centric systems don’t always catch the bad guys.”
In terms of preventing such incidents, García-Tobar states it is necessary “to confirm the identity of the sender, since the vast majority of phishing schemes use fake identities and are virtually indistinguishable from legitimate emails.”
He adds that: “Properly enforcing Domain-based Message Authentication, Reporting and Conformance and implementing advanced anti-phishing solutions that validate senders’ identities” are what is needed to provide an appropriate defense.
However, businesses need to act on such advice. As García-Tobar notes, companies should not be shifting the responsibility to employees to detect potentially fraudulent emails. Instead, firms should be investing in the latest and most appropriate technologies - ones that proactively protect inboxes from receiving suspect emails in the first place.