Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics


Brand impersonation in cyberattacks has reached new levels of sophistication, according to a recent research article from Abnormal Security.

Brand impersonation has traditionally been seen with financial institutions and social media sites, but threat actors are now employing multi-stage attacks with a high degree of personalization.

A study published by Abnormal CISO Mike Britton revealed a case in which attackers impersonated the popular streaming service Disney+ in a complex scheme.

An attack with attention to detail

The cybercriminals launched the attack with an automatically generated notification email regarding pending charges for a new Disney+ subscription. Each email contained a PDF attachment named after the recipient, a rarely used tactic requiring manual effort. The PDF detailed an inflated fee of $49.99, above the usual subscription fee, accompanied by a seemingly legitimate customer service number.

Notably, the attackers went beyond typical tactics by using a sender email that looked like a legitimate Disney+ address, incorporating brand colors, and personalizing subject lines and greetings. The emails showed no obvious signs of phishing, such as spelling mistakes or malware-laden attachments, making them difficult for both traditional security solutions and individuals to detect.

“What sets this attack apart is the level of customization and attention to detail by the perpetrators, making it difficult for traditional security solutions and even vigilant individuals to identify it as malicious,” writes Britton.

“Based on initial research conducted in late September, the threat actor targeted 44 individuals across 22 different organizations with this Disney+ spoofing attack.”

Although the technical details of the attack are not explicitly described in the Abnormal notice, the primary attack vectors appear to involve a combination of email spoofing/phishing, attachment-based tactics, phone-based social engineering and brand impersonation.

The study highlighted how difficult it is for secure email gateways (SEGs) to flag such attacks, given the lack of clear indicators of compromise (IOCs) and the gateways' reliance on historical data for domain reputation. Employees, on the other hand, face challenges due to the convincing impersonation of a trusted brand and a sense of urgency.

To combat such attacks, the research article recommends AI-native email security solutions that use machine learning, behavioral AI, and content analytics.
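The traits the article describes (a brand display name, a PDF named after the recipient, a charge paired with a customer service number) can be expressed as content signals that do not depend on IOCs or domain reputation. The following is an added example, not Abnormal's detection logic; the allow-listed domain, signal names, sample addresses and the upstream-extracted PDF text are assumptions, and the sample message is constructed.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

BRAND = "disney+"                    # brand named in the article
BRAND_DOMAINS = {"disneyplus.com"}   # assumption: defender-maintained allow-list
PHONE_RE = re.compile(r"\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}")
CHARGE_RE = re.compile(r"\$\s?\d+\.\d{2}")

def build_message(sender, recipient, pdf_name=None):
    """Construct a sample message (constructed data, not a captured email)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, recipient
    m["Subject"] = "Your subscription charge is pending"
    m.set_content("Please review the attached invoice.")
    if pdf_name:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename=pdf_name)
    return m

def signals(msg, pdf_text=""):
    """Return the content signals present in one message.
    pdf_text is attachment text extracted upstream (assumption)."""
    found = set()
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    if BRAND in display.lower() and not trusted:
        found.add("brand_name_untrusted_domain")
    # Name tokens from the recipient's display name and mailbox local part.
    rname, raddr = parseaddr(str(msg.get("To", "")))
    tokens = {t for t in re.split(r"[^a-z]+", f"{rname} {raddr.split('@')[0]}".lower())
              if len(t) >= 3}
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".pdf") and any(t in fname for t in tokens):
            found.add("pdf_named_after_recipient")
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "") + "\n" + pdf_text
    # A charge amount next to a phone number is the callback lure described above.
    if CHARGE_RE.search(text) and PHONE_RE.search(text):
        found.add("charge_with_callback_number")
    return found

if __name__ == "__main__":
    msg = build_message("Disney+ <billing@dplus-billing.example>",
                        "Jordan Reyes <jreyes@corp.example>", "Jordan_Reyes.pdf")
    print(sorted(signals(msg, "Total due: $49.99. Call (555) 010-0199.")))
```

No single signal is conclusive on its own; they are meant to be combined, for example by routing messages that raise two or more to review.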
