Recently, our friends at Barracuda found a new phishing campaign that banks on the popularity of cloud services used in most businesses, such as Microsoft Office 365.
According to their blog post, this latest scheme takes advantage of the natural trust employees place on messages they receive from colleagues using the correct email address. Dear reader, this campaign is beyond impostor email or business email compromise (BEC). Barracuda is calling it the 'new insider threat.'
BEC phishing campaigns usually originate outside the target organization. The threat actor creates an email address that may appear like the real thing, just like what we've seen here, and then uses it to convince someone in the organization to wire money their way. If a threat actor successfully infiltrates an organization's email platform in the cloud, then the threat becomes something else. The threat actor has become an identity thief and an insider who is now the biggest threat to any organization. At that point, the possibilities of abuse are endless.
Businesses can combat this new attack by continuous education and awareness efforts. It also pays to add multifactor authentication for additional ways employees can verify their identities before being allowed to access their work emails.