By now, most organisations are aware of the potential damage phishing emails can cause, as cybercriminals invest more time into creating sophisticated attacks that are harder to detect.
Understanding that the weakest point of company security is its workforce, carefully constructed emails are sent to employees in a bid to dupe unsuspecting individuals, allowing the attacker access to sensitive information and company data.
Already this year, researchers at Proofpoint have identified a phishing toolkit that uses the novel strategy of encoding data by use of a substitution cipher that relies on a custom font to decode.
This specific attack was first observed in May 2018 and was used to create phishing pages for a ‘major US bank’, serving as a reminder for businesses to remain vigilant against potential threats, as attacks become more creative and dangerous.
What was the attack and why couldn’t it be detected?
While encoding source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique in its use of web fonts to implement the encoding.
When the phishing landing page rendered in the browser, users were presented with a typical online banking credential phish containing stolen bank branding, however, the source code of the page included encoded display text.
For a phishing email to be successful, the decoded data must be displayed to a potential victim, which can be achieved through a straightforward substitution cipher.
Using a customised version of the Arial font with individual letters transposed, criminals designed an attack that appeared normal when the page was loaded, but when a user or programme attempted to read the source, the text would appear jumbled.
This encoded text made it impossible for the attack to be programmatically detected unless security software was designed to solve substitution ciphers, allowing emails to slip past security measures and into the victim’s inbox.
Dangerous levels of sophistication
Evading programmatic detection, this phishing attack is an example of how cybercriminals are constantly looking for new ways to target organisations.
It appears to be the first time a substitution cipher has been used in a phishing attack, highlighting the dangerous levels of sophistication attacks are currently experiencing.
Unfortunately, many individuals can make the mistake of assuming such an attack will never happen to them, placing too much trust in the security measures in place and disregarding instructions to avoid suspicious looking emails.
As this case has proved, cybercriminals are finding new ways to infiltrate systems and trick people, so it is always wise to exercise caution before clicking a link or loading an email from an unknown sender.
Strengthening your in-house security
Protecting your organisation from potential threats is an ongoing process – it’s not something that can be simply guaranteed through the implementation of security software.
With cyber attacks constantly evolving, it’s important that your security measures are reviewed regularly, and improvements are made to mitigate the risk of an attack.
An important aspect of cyber security is personal development and training, as criminals are aware that your workforce is the weak link and design phishing emails to dupe even the most vigilant of individuals.
Often the best way to prepare is through practice, ideally without the risk of causing genuine damage to your business.
Through our Phishing Tackled programme, we offer organisations of all sizes and complexity the opportunity to put their security to the test, simulating attacks to help uncover the strengths and weaknesses within your team.
As part of this service, organisations will receive measured results and reports relating to their existing security, identifying areas for improvement and offering training sessions for those individuals who require it.
Most importantly, these services will educate your team on the new sophisticated attacks and show you how to spot them before they cause irreparable damage to your business.