KaufmanIT

An Old Cyber Attack Has a New, Clever Twist: How Not to Fall Victim

By Matthew Kaufman, December 9, 2024

We recently learned of a new form of ransomware attack that readers should be aware of. The attack starts when malicious actors register a victim’s email address for hundreds of free newsletter subscriptions.

This may sound like an old attack known as “email bombing,” which in the past was a scheme meant to distract from malicious activity taking place elsewhere in the network.

This version, however, works differently. Full details are below, but first, some background:

We have a close working relationship with a firm that provides incident response and network recovery after a data breach – the specialized experts who companies hope they never have to call. Not surprisingly, their business has been growing rapidly in the past few years as cyber-attacks have continued to skyrocket.

Recently, this company’s leaders shared with us a new and clever ransomware attack they’ve only started seeing over the past 6 weeks or so. In fact, they’re managing two current recovery projects for companies that fell victim to the scam.

Here’s how it works:

  • Hackers collect employee email addresses at the target business, which is easy enough to do through various online sources.
  • The bad actors then sign up some, or all, of those addresses for hundreds of email subscriptions each, which then overload inboxes and spam filters.
  • Sometime after, phone calls are placed to end users saying the caller is from IT, with a “technician” who needs to connect remotely to help clean up the email issue.
  • If the user joins the remote access session that’s offered, the ransomware payload is deployed and detonated.

This attack is simple yet effective, exploiting an obvious weakness: frustrated users who are relieved to hear that their email issues will be resolved.

How can a business avoid falling victim to such an attack?

The best line of defense is an advanced, multi-faceted email security solution, like SecureKIT™ Mailbox, which can recognize and defend against email bombing.

For companies that get hit by such an attack, however, there is one positive action they can take: clear, immediate communication with employees regarding what to watch out for is imperative. Employees mustn’t click on any remote access session links that are sent by email, Teams or other means. Ideally, they will be required to hang up or disconnect from the inbound offer of help and make an outbound call to verify the authenticity of the IT resource.

There is one more important point about this new threat, by the way: our source said that sometimes these calls to the end user will come many days, or even weeks, after the incident. This means targeted victims cannot let their guard down just because the wave of incoming emails has come to a halt.
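As an added illustration (not code from KaufmanIT, its partner firm, or any product named here), the sketch below flags a mailbox that suddenly receives mail from many distinct sender domains, the pattern the subscription flood described above produces, and keeps that user on a watch list afterwards because the follow-up call can come weeks later. The log format, the thresholds and the four-week watch period are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (tune to your own mail volume); none come from the article.
WINDOW = timedelta(hours=1)        # sliding window for the burst
MIN_DOMAINS = 50                   # distinct sender domains inside the window
WATCH_PERIOD = timedelta(weeks=4)  # calls can follow days or weeks later

def parse(line):
    """Constructed log format: '<ISO timestamp> <recipient> <sender address>'."""
    ts, rcpt, sender = line.split()
    return datetime.fromisoformat(ts), rcpt.lower(), sender.rsplit("@", 1)[-1].lower()

def find_bombed_mailboxes(lines, window=WINDOW, min_domains=MIN_DOMAINS,
                          watch=WATCH_PERIOD):
    """Return {recipient: (first_alert_time, watch_until)} for bombed mailboxes."""
    recent = defaultdict(deque)   # recipient -> deque of (time, sender domain)
    alerts = {}
    for ts, rcpt, domain in sorted(parse(l) for l in lines if l.strip()):
        q = recent[rcpt]
        q.append((ts, domain))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if len({d for _, d in q}) >= min_domains:
            first = alerts.get(rcpt, (ts, None))[0]
            # The watch period runs from the latest burst, not the first one.
            alerts[rcpt] = (first, ts + watch)
    return alerts

def under_watch(alerts, rcpt, when):
    """True if an unsolicited 'IT support' contact at `when` needs call-back checks."""
    entry = alerts.get(rcpt.lower())
    return bool(entry) and entry[0] <= when <= entry[1]

# Constructed sample: 60 newsletters from 60 domains hit one mailbox in 30 minutes,
# while a second mailbox receives ordinary mail from two domains.
START = datetime(2024, 12, 2, 9, 0)
SAMPLE = [f"{(START + timedelta(seconds=30 * i)).isoformat()} alice@example.com "
          f"news@list{i}.example" for i in range(60)]
SAMPLE += [f"{(START + timedelta(minutes=5 * i)).isoformat()} bob@example.com "
           f"noreply@vendor{i % 2}.example" for i in range(6)]

if __name__ == "__main__":
    for rcpt, (first, until) in find_bombed_mailboxes(SAMPLE).items():
        print(f"{rcpt}: burst at {first}; verify any inbound IT call until {until}")
```

The watch list is the part worth wiring into the help desk: a flagged user who reports an inbound “IT” call during the watch period should trigger the outbound verification call described above.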

Hopefully, your business will never be at the receiving end of such an email attack. If it happens, however, now you know what the hackers’ playbook might look like.
