Do you publicise your management team? You're helping hackers, says Mimecast

Showing the world who your management team are, what they look like and what their contact details are helps hackers with social engineering attacks

Firms which publicise their management teams, revealing what they look like, their names, titles and contact details, are making life easier for hackers looking to make social engineering attacks.

That's the opinion of Hiwot Mendahun, product manager at Mimecast, speaking at today's Enterprise Security and Risk Management Summit from Computing.

Social engineering attacks are where hackers pretend to be someone known to a user, or someone who should be trustworthy, in order to extort money or sensitive data from them.

Mendahun explained that many other standard and even unavoidable business activities serve to increase an organisation's risk profile.

"It's now easier for attackers to target businesses, as there's so much information out there," said Mendahun. "Do you hire staff, do you accept CVs? Do you have finance teams moving money around? Do you have characters in your business' name which could look like characters in other names? Do you publicise your management team? Attackers use this information to craft targeted attacks, and it's hard for traditional security systems to detect these," she added.

She described several phishing attacks Mimecast has seen on its own systems.

"We had someone emailing the CEO's PA, pretending to be the CEO himself. You can use LinkedIn to find out most information you need to understand the internal relationships at a firm."

She showed the email in question on a screen at the event, which at first glance appeared to have come from the CEO, using Mimecast's internal domain. On closer inspection the domain turned out to be @Mimacast, which is easy to miss.

A second malicious email purported to come from the organisation's CFO to another person in finance, asking for an urgent transfer of funds. This was even harder to spot as fake, coming from @Mirnecast, which when viewed on an email client is almost indistinguishable from the real thing.

"On the screen it looks almost identical," said Mendahun. "They registered the domain on the same date the attacks took place. With this kind of attack you can't blame end users for falling for it," she added.
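As an added example (not from the talk or from Mimecast's products), a small defender-side check that flags sender domains which are a single character off or a homoglyph swap away from the organisation's own domain, as with @Mimacast and @Mirnecast above. The protected domain, the confusable table and the sample headers are assumptions constructed for this example.

```python
from email.utils import parseaddr

# Domain the organisation really sends from (an assumption for this example).
PROTECTED_DOMAIN = "mimecast.com"

# Sequences that render almost identically in common email-client fonts; folding them first makes "mirnecast" collapse to "mimecast".
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o"}

def normalise(label: str) -> str:
    """Lower-case a domain label and fold visually confusable sequences."""
    label = label.lower()
    for seq, repl in CONFUSABLES.items():
        label = label.replace(seq, repl)
    return label

def levenshtein(a: str, b: str) -> int:
    """Edit distance, enough to catch one-character typosquats like 'mimacast'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, protected: str = PROTECTED_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for the domain in a From: header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == protected:
        return "internal"
    # Compare the registrable label only (mimecast vs mimacast), not the TLD.
    ours, theirs = protected.split(".")[0], domain.split(".")[0]
    if normalise(theirs) == normalise(ours):
        return "lookalike"  # homoglyph swap such as rn -> m
    if levenshtein(normalise(theirs), normalise(ours)) <= 1:
        return "lookalike"  # single-character typosquat
    return "external"

# Constructed sample headers modelled on the two attacks described in the talk.
SAMPLE_HEADERS = [
    "CEO <ceo@mimecast.com>",
    "CEO <ceo@mimacast.com>",
    "CFO <cfo@mirnecast.com>",
    "Supplier <billing@example.net>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):10s} {header}")
```

A gateway rule would quarantine or banner anything classified as "lookalike"; the distance threshold and confusable table need tuning per organisation so that legitimate short domains are not caught.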

Mendahun explained how Mimecast can help organisations with malicious attachments and links.

"Email attachments are one of the top vectors for attackers trying to penetrate your systems.

"Mimecast rewrites the links coming into your organisation. So when a user receives an email and clicks, they have real-time protection. You can do real-time analysis on the destination, scrape out the malicious code or any malicious characteristics you see.

"On the attachment issue, admins previously were able to block .exe files from an external source. In the last few years there have been lots of productivity file types used for attacks, like documents and spreadsheets containing macros that download a payload onto users' machines. That's often used to spread ransomware.

"It's commonly used as you have teams like HR who are waiting for attachment file types from sources they don't know, it's an open door.

"So you can take that attachment, and open it in a sandbox area. If there's anything suspicious, you can block it. But that can take time and attackers try to evade it. So Mimecast provides a safe copy to end users. It gives a read-only view of that attachment, with no scripts or macros. Around 90 per cent of the time that's enough for end users. If they still need the original attachment, that can still be released after it's gone through to the sandbox. It adds another layer of security," she explained.