Spearphishing – the new cyber threat

Andy Cuff of Computer Network Defence (CND)

One of the country’s leading cyber-security experts is warning about the latest threat posed by hackers – spearphishing.

Andy Cuff, managing director of Computer Network Defence (CND), reported the issue after one of his own staff was used by a criminal in an attempted scam.

Spearphishers are so called because they spend a little time researching specific individuals on social media, rather than sending out hundreds of thousands of hopeful scam emails in the expectation that a small number of recipients will be caught in their net.

They appear to use financial information from Companies House to identify high net worth individuals, then scour social media for friends of that person, whom they then impersonate.

Using a ‘friend’s’ email address, they send a message to the target with a link that, if clicked on, will infect the system, allowing the hacker to steal funds or intelligence, or to install ransomware.

They tend to target newer businesses that have done well as they assume they won’t have the toughest security measures in place.

The highly targeted approach is a step up from standard ‘phishing’ emails and is extremely effective.

Andy, whose company is headquartered in Bath, said: “It really is a more sophisticated way of attacking people as it is highly targeted.

“A variation of spearphishing is known as ‘whaling’ where the attackers seek to dupe company executives into parting with money.

“The spearphishing emails when received look totally legitimate and as if they are from a friend so there is apparently no reason why you shouldn’t trust it and click on any links.

“Recently a friend of one of our senior staff called him to ask him why he had sent him an invoice; he was perplexed because it hadn’t come from him.

“Being a cyber-security company we asked that the email be forwarded to us for analysis.

“The sender had changed his name to the email address of our employee and used the full name of the target.

“The link within the email led to a document containing a macro virus. We ran the link through a reputation checker and a number of other organisations had looked at the same link that day.

“This suggested that it was a new link that had been used several times and was identified as suspicious.

“At first it looked like a standard phishing email, but there were a few interesting elements which made it a spearphishing attack.

“There is no business relationship between our employee and the target and yet the email address was sent using our business address. Their only link is on Facebook.

“The target’s new business had been extremely successful with an annual increase in profit of 500%, as would have been deduced from its figures on Companies House.

“If a victim has their email account compromised the attacker will usually send emails to every contact he can find. But as that didn’t happen in this case it implied the email was crafted to the individual.

“We would surmise that the attacker had identified the target as a recent high net worth individual with a fairly new company and no website, suggesting that he had minimal security and a limited IT knowledge.

“Some social media investigation identified a relationship between these individuals, and their unusual names, coupled with their internet presence, enabled business-to-business email addresses to be identified.

“It’s worth double checking any emails received and looking at the email addresses carefully.

“Another clue was that the English in the email was impeccable, but clearly written by someone for whom it was not their first language.

“People should update their operating systems and antivirus software and yes, even Apple computers should have antivirus software.”




Notes to editors:

Computer Network Defence (CND) was set up in Bath by Andy Cuff in 2004 and covers all aspects of information security. It has grown organically and now employs 50 staff. CND specialises in providing consultancy services focused on the development, implementation and manning of Secure Operation Centres (SOCs) and complex Intrusion Prevention System deployments. It has a high number of skilled consultants and only provides products that are of the highest quality. CND also has a long-standing recruitment arm, which provides staff for all areas of cyber security in both the private and public sectors.


For more information contact Ed Baker at Deep South Media on 01202 534487 or 07788392965