Hackers use previously compromised credentials to exploit email threads. The goal of conversation-hacking is to gain the trust of the business before targeting it for money or installing malware.
“Once they gain access to the account, attackers will spend time reading through conversations, researching their victims and looking for any deals or valuable conversations they can insert themselves,” said Don Maclennan, senior vice president of engineering and product at Barracuda Networks, to ZDNet.
While this phishing technique is new and relatively rare, it made waves last year. Between July and November 2019, conversation-hacking instances increased more than 400 percent, according to research from Barracuda Networks.
“These attacks are highly personalized, including the content, and therefore a lot more effective. They have the potential of a very large payout, especially when organizations are preparing to make a large payment, purchase or acquisition,” said Olesia Klevchuck, senior product manager for email security at Barracuda Networks, to ZDNet.
Hospital employees should double-check the sender's address when an email comes from a domain that differs only slightly from one they normally correspond with. Additionally, employees should be cautious if they get sudden demands for payments.
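The two checks above can also be run automatically on inbound mail. The following is an added example, not code from Barracuda Networks or the original article: it flags a sender domain that is within a small edit distance of a known correspondent's domain and notes payment language in the body. The domain list, keyword list, threshold and sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: domains the organization already corresponds with (constructed).
KNOWN_DOMAINS = {"example-hospital.org", "example-supplier.com"}

# Assumption: a small, illustrative set of payment-related terms.
PAYMENT_TERMS = re.compile(
    r"\b(wire|invoice|payment|bank details|account number)\b", re.I
)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the lowercased domain from a From header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()


def review_message(from_header, body, known_domains=KNOWN_DOMAINS, max_distance=2):
    """Return a list of findings for one message; empty means nothing flagged."""
    domain = sender_domain(from_header)
    findings = []
    if domain not in known_domains:
        # Close to a known domain but not equal to it: likely impersonation.
        near = sorted(
            k for k in known_domains if 0 < edit_distance(domain, k) <= max_distance
        )
        if near:
            findings.append(f"lookalike-domain:{domain}~{near[0]}")
    if PAYMENT_TERMS.search(body):
        findings.append("payment-request")
    return findings


if __name__ == "__main__":
    # Constructed sample: one letter dropped from the supplier's domain.
    print(review_message("Billing <ap@example-suplier.com>",
                         "Please wire the payment to our new account number today."))
```

A message that produces both findings inside an existing thread is the case worth routing for manual verification before anyone acts on it.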