From phishing emails to call centres and beyond…

Cyber issues, by their nature are constantly evolving, which can make it testing for insurers to keep pace. Take a look at the figures for 2022 alone – cyberattacks have increased by an average of 40%, with threat actors able to expedite the reconnaissance through the exploitation of attacks from weeks, to days, to mere hours.

Indeed, the statistics are as staggering as they are eye-catching. According to Zscaler, there has been a 29% increase in phishing attacks globally – reaching a new record of 873.9 million attacks. This comes in the face of continued remote work, which leaves corporate and personal devices increasingly exposed, particularly if users don’t have enterprise level cybersecurity at home.

Poor cybersecurity combined with increasingly connected personal devices, has given attackers numerous advantages. Even the methods being used to fight back have not been foolproof. For example, Multi Factor Authentication (MFA), which, according to TeleSign, makes nine in 10 consumers feel their online information is more secure, has seen threat actors pivot to reverse proxy tools and phishing-as-a-service platforms to mitigate its effectiveness. New techniques have developed to steal authentication tokens and bypass MFA across mainstream websites including Facebook, Google, GoDaddy, PayPal and more.

Then there are services such as EvilProxy, which enables low-skill threat actors who don’t have the technical expertise to steal online accounts that are otherwise well-protected. When the victim connects to a phishing page, through the use of a reverse proxy, the bad actor is able to display the legitimate login form, forward requests, and return responses from the company’s website while using session cookies to then gain access to the account. The difference between more traditional phishing frameworks and EvilProxy is that the latter is far simpler to deploy, offers detailed instructional videos and tutorials, a user-friendly graphical interface, and a rich selection of cloned phishing pages for popular internet services.

Expanding phishing – from emails to call centres

Recently a new approach has been developed whereby call centres are being used to distribute some of the most damaging Windows malware. It starts with a phishing email, but from there deviates to a new way to distribute – using phone call centres to distribute malicious Excel documents that install malware.

Instead of bundling attachments with the email, BazarCall emails prompt users to call a phone number to cancel a subscription before they are automatically charged. These call centres then direct users to a specially crafted website to download a “cancellation form” that installs the BazarCall malware.

Attacks all start with a phishing email targeting corporate users that state the recipient’s free trial is about to run out. When a recipient calls the listed phone number, they are greeted by a live person – and when asked for more information or how to cancel the subscription, the call centre agent takes the user to a fake website, stays on the phone with the victim and guides them through the fake cancellation process which results in the user downloading and executing the malware on the victim’s computer.

This industrialization of different attack methods and using live operators is an emerging trend in attacks for businesses and individuals. Unfortunately, even with the cybersecurity community’s combined efforts, these distribution methods have been very successful.

How to get help?

At BOXX we are dedicated to simplifying the cyber insurance journey for our clients through our dedicated Hackbusters team. The Hackbusters™ guiding principle is fighting cybercrime through prediction, prevention and recovery. At its core, our model is designed to protect the clients that drive the Canadian economy and create value for our communities.

The Hackbusters™ journey starts by working with the client at onboarding to predict what their cyber threat landscape looks like. This is done by obtaining key information about the client, their industry, online presence, domain, and checking their information in our DarkWeb database. Each client is then given a unique score in categories such as network security, DNS Health, patching cadence, endpoint security, hacker chatter, information leaked, and social engineering exposure which the Hackbusters™ are able to monitor.

Almost as important as prediction is prevention. Once a client has been onboarded the prevention starts. Our technology driven platform takes in the newly onboarded client data and automatically updates clients scores, notifies the Hackbusters™ when the client is mentioned on the DarkWeb and generates notifications about the latest attack vectors. This means that while our customers are focused on building their business, helping communities, or enjoying their weekends, the Hackbusters™ team is keeping them cyber secure.

When a cyber event does happen, BOXX Hackbusters™ are available 24/7/365 to provide expert service and support when they’re needed most. Working in close coordination with nationally recognized privacy and security experts, our Hackbusters™ team is at the client’s side every step of the way.

We know that our clients are generally small to medium sized business or individual clients operating a small practice. They have often never had or been aware of cyber insurance prior to obtaining it. This means that most often when they first call it’s because they need advice and assistance. That advice and assistance shouldn’t come at the risk of damaging their claims free record. That’s why Hackbusters™ provides each client with dedicated breach advice and privacy regulation assistance for up to three hours to mitigate any event. In 2021 alone, this resulted in 80% of reported cyber events being handled and mitigated within those three hours with no formal claim being opened. That means clients are back focusing on what they do best while we do what we do best – helping them recover and stay secure.