Whether they are experienced or novices, today’s threat actors have a choice to make. They can go after low-hanging fruit—users or systems that are relatively insecure but offer a smaller reward. Or they can try to compromise the big fish—targets that are more closely guarded but could provide a bigger payoff if successful. However, there’s a third option—a sweet spot, if you will: high value targets that tend to deliver a worthwhile payoff.
The identity of these low risk, high reward targets may surprise you: senior-level executives.
That’s right. Today’s threat actors are increasingly targeting the high-level executives at companies, government agencies and organizations around the world—not just because they hold the keys to valuable systems and data, but because they are often under-secured. Security teams need to do a better job of balancing a top executive’s standing and responsibility with the risk they pose to the organization.
Due to their standing and importance to the organization, C-Suite executives can be a useful tool for enterprising threat actors. For one, they are extremely busy, are often pulled in different directions over the course of a day, and tend to work long hours into the night—making it more likely a phishing email may get a response from an overtired, overstretched executive. Members of the C-Suite also lead relatively public lives with many delivering speeches at industry conferences or trade shows publicized by the organization’s public relations department. Social engineering information from LinkedIn, vendor case studies, media articles, and other publicly available media can also be used to improve spear phishing emails that reference a vendor, partner or customer.
For example, a hedge fund in Australia was scammed out of nearly $8 million when threat actors gained control of the company’s accounting systems and were able to send dozens of fake invoices to customers. How did the scammers get access? A carefully crafted spear phishing email that was clicked on by one of the company’s founders.
Once breached, executives also offer an opportunity for threat actors to leverage their influence over subordinates. A well-placed email from a senior executive to a low-level employee can be quite convincing. Just ask the CFO of Leoni AG, a German manufacturing company. A spear phishing email purportedly from the executive resulted in an accountant wiring €40 million to a fraudulent account. The CFO is now the former CFO. Another spear phishing campaign targeted C-level executives at an Australian aerospace company, leading to the loss of $47 million. In this case, both the CEO and CFO were eventually fired.
Stopping attacks aimed at the C-Suite can be as simple as enforcing good, clean cybersecurity hygiene across the organization. Unfortunately, many senior executives can get themselves exempted from many basic cybersecurity controls—especially when it comes to authorized access to various business systems. The CEO may have needed access to the company’s payroll once, several years ago during an accounting emergency. But rather than being revoked after the fact, that access remains intact despite a clear risk and no ongoing business need. It’s not uncommon for executives to claim unimpeded access to anything and everything without thinking about the consequences of these shortcuts.
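The access-hygiene check described above can be sketched as a small review script. This is an added example, not Bitdefender code or part of any XDR product; the `Grant` record, the `review_exempt` flag, the `EXEC_ROLES` set, the 90-day window and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user: str
    role: str                     # job title, e.g. "CEO"
    system: str
    granted: date
    last_used: Optional[date]     # None = never used since it was granted
    review_exempt: bool = False   # hypothetical flag: holder was excused from reviews

EXEC_ROLES = {"CEO", "CFO", "COO", "CIO", "CISO"}  # assumed definition of C-suite

def idle_days(g: Grant, today: date) -> int:
    # A grant that was never used has been idle since the day it was issued.
    return (today - (g.last_used or g.granted)).days

def stale_grants(grants, today, max_idle_days=90):
    # Returns (grant, idle_days, reasons) for each grant idle beyond the window.
    # review_exempt never skips a grant; it only adds a reason to the finding.
    findings = []
    for g in grants:
        idle = idle_days(g, today)
        if idle <= max_idle_days:
            continue
        reasons = [f"idle {idle} days"]
        if g.last_used is None:
            reasons.append("never used")
        if g.role in EXEC_ROLES:
            reasons.append("executive account")
        if g.review_exempt:
            reasons.append("exempt from review")
        findings.append((g, idle, reasons))
    # Executives first, then longest idle: the grants to question first.
    findings.sort(key=lambda f: (f[0].role not in EXEC_ROLES, -f[1]))
    return findings

# Constructed sample data, not taken from any real system.
TODAY = date(2024, 6, 1)
GRANTS = [
    Grant("ceo", "CEO", "payroll", date(2020, 3, 2), date(2020, 3, 9), review_exempt=True),
    Grant("ceo", "CEO", "email", date(2015, 1, 5), date(2024, 5, 31)),
    Grant("acct1", "Accountant", "payroll", date(2022, 8, 1), date(2024, 5, 28)),
    Grant("dev7", "Engineer", "payroll", date(2023, 1, 10), None),
]
```

Calling `stale_grants(GRANTS, TODAY)` reports the CEO's years-old payroll grant first, followed by the engineer's never-used one; the CEO's active email access and the accountant's payroll access are left alone.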
Extended Detection and Response (XDR) solutions can provide the visibility needed into access and authorization policies, identify security threats and provide actionable recommendations for reducing security risk. A holistic solution that spans endpoint, user, network, and other security layers is essential for identifying trends or disparate events that may indicate an attack is underway. Correlating this information in a single dashboard powered by artificial intelligence (AI) and machine learning (ML) can make it easier for overstretched security teams to analyze the attack in real time and reduce mean time to detect and mean time to respond.
Consider these three key tactics for safeguarding your C-suite executives against spear phishing attacks:
Attacks that target high-level executives are likely to have outsized impact on the organization, so it’s critical to detect them as quickly as possible before real damage is done. This means having the ability to correlate security events and information in a single XDR solution where AI/ML can analyze seemingly unrelated events to detect an attack in progress. Even the best analysts in the world would have a hard time piecing together a complex attack chain in real time, so it’s important that your XDR solution can make these connections for you in real time to reduce mean time to detection.
The clock starts ticking once you’ve detected a breach, and it’s critical that you start collecting relevant information as quickly as possible. XDR solutions can provide security teams with the context they need to truly understand the attack, automatically gathering information about how it made its initial access, how it was able to spread, what systems have been impacted and whether there has been any data exfiltration, command and control communications or other evidence of nefarious action.
As you may have noticed, speed is of the utmost importance when dealing with an executive-level breach, so it’s important that your XDR solution provides actionable information for how to stop the attack and then how best to mitigate its impact. This includes recommendations for quarantining specific systems, shutting off access to certain users, powering down applications or restoring endpoints.
Attacks on the C-Suite can be quite damaging—leading to a loss of revenue, dismissals or even the company going bankrupt or out of business. Unfortunately, despite the outsized risk they pose to the organization, many senior-level executives are laissez-faire about security, prioritizing access and productivity over simple security controls. Fortunately, good, clean cybersecurity hygiene across the entire organization can stop many of these attacks. XDR solutions allow security teams to assess authorizations across the organization to identify and clean up outdated or risky policies. XDR solutions also provide visibility and context into events so they can be detected, analyzed, and resolved as quickly as possible.
Learn more about attacks on the C-Suite and how XDR solutions can help mitigate this risk.
Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world.