Cybercriminals target senior executives because they have privileged access to valuable corporate information and considerable internal influence. Firms can mitigate the risks of their senior executives being targeted by cybercriminals by regularly auditing their online digital footprints and taking steps to reduce information that is exposed.
Executives and high net worth individuals have long been a prime target for cybercriminals, due to their high level of access to corporate data, their elevated level of authority and their influence within a firm.
In a recent example of criminal targeting of senior executives, the CLOP ransomware gang reportedly prioritised the targeting of executive workstations in a bid to steal sensitive data and use it as leverage to exert further pressure on their victims. In our State of Cybercrime 2020 report, we discussed the development of tactics used by ransomware groups. As well as seeking out valuable data to encrypt and systems to render inaccessible, ransomware groups now routinely look for sensitive data to steal. Groups are increasingly now demanding two ransoms, one to get decryption keys to unlock encrypted files, and now another to avoid having corporate data leaked online. Groups now operate their own leak sites where they publicise data from those who have not paid up. Senior executives can hold sensitive information about the inner workings of their businesses and corporate secrets. Public exposure of this information could not only cause embarrassment, but it could also lead to greater regulatory scrutiny, a loss of customer and shareholder confidence and affect a business’s bottom line.
It is not only ransomware gangs who realise the importance of selective targeting. Business email compromise (BEC) fraud is when attackers gain unauthorised access to employee accounts so they can impersonate them and divert payments to themselves. This kind of fraud is also known as “CEO fraud” for good reason. Executives are often impersonated in these attacks as they wield considerable influence on employees. Receiving an email from someone you think is your CEO asking you to make a payment quickly is often sufficient pressure to do so without verifying the transaction from another source. It is precisely this power dynamic that cybercriminals and fraudsters exploit to their advantage. Beyond C-suite executives, cybercriminal also know that IT workers, HR employees and finance professionals can all hold valuable data and access, which make them attractive as well.
This kind of targeting is not new. Prior to launching attacks against businesses, attackers often gather information about their targets, including personal data such as employee names, email addresses, as well as sensitive details such as username and password credentials. As well as gathering this data from phishing, attackers can also gather the information from open sources such as social media accounts, personal websites, or leaked data from other attacks in which their credentials have been exposed. Similarly, an individual’s close network and family may also leak unwanted information.
Managing this exposure is key to securing these individuals, their wealth, and their businesses. MDR Cyber emulate attacker and fraudster techniques to gather data around key individuals. We have access to hundreds of data sources, including breached data, social media and technical records. We can help businesses and individuals understand their own security and privacy exposures by identifying risks. Our team of investigators look at unwanted personal data published online, identify social media impersonation accounts, evidence of online threats against them, and can review online information that may cause reputational issues. Married with the expertise of our investigators and the support of our legal colleagues, we can advise clients on ways to reduce the availability of the data exposed, or mitigate the risks.
Please subscribe here to receive latest updates from MDR Cyber.