Malicious users have discovered that adapting some of the advanced techniques used by persistent threat groups (APTs) to their techniques works extremely well. Another targeted threat to watch out for, according to Kaspersky researchers, is corporate doxing, the process of collecting confidential information aimed at harming the organization and its employees and generating profits. The spread of publicly available information, data leaks and technology, as well as confidential information from employees, leakage of money is also zammakes it easier than the current one.
One of the most common methods used in doxing attacks stands out as Business Email Compromise (BEC) attacks. BEC attacks are defined as targeted attacks in which criminals initiate e-mail chains between employees as if they were from the company. Kaspersky detected 2021 such attacks in February 1.646 and warned the public of doxing attacks that make organizations' information public. Generally, the purpose of such attacks is to steal confidential information or steal money from customers.
Kaspersky researchers regularly analyze cases where criminals use emails very similar to real emails to raise money and impersonate employees of target organizations. However, BEC attacks are just one type of attack that uses public information to harm the organization. In addition to relatively straightforward methods such as phishing or profile compilation, more creative, technology-oriented approaches are also common. Prior to such attacks, the criminals were informed about the names and locations of the employees, their locations, and their vacations. zamIt collects and analyzes public information that they can find on social media and elsewhere, such as their moments and connections.
One of the most popular corporate doxing attacks is identity theft. Generally, attackers use their information to profile specific employees and use their identities. New technologies such as deepfake facilitate the execution of such initiatives in the presence of publicly available information. For example, a realistic deepfake video in the image believed to be an employee of the organization can severely damage the company's reputation. For this, the attackers need a clear photo of the targeted employee and some personal information that they can find on social media.
Also, voices can be abused. A senior executive presenting on the radio or on podcasts potentially lays the groundwork for his voice to be recorded and then imitated. In this way, scenarios such as an urgent bank transfer request with a call to employees or sending the customer database to a desired address become possible.
“Enterprise doxing is an issue that should not be ignored, posing a real threat to the organization's confidential information,” says Roman Dedenok, Kaspersky Security Researcher. Doxing threat can be prevented and risk minimized with strong security procedures in-house. If the necessary precautions are not taken, such attacks can cause serious financial damage and loss of reputation. The more sensitive the confidential information obtained, the higher the damage will be. "
You can learn more about the techniques that doxing attacks use to target organizations at Securelist.
To avoid or minimize the risk of doxing, Kaspersky recommends: Establish strict rules to never discuss business matters outside of official corporate messaging practices, and ensure that your employees strictly abide by these rules.
Help employees become more knowledgeable about attack techniques and become aware of cybersecurity issues. This is the only way to effectively counter social engineering techniques used aggressively by cybercriminals. To do this, you can use an online training platform such as Kaspersky Automated Security Awareness Platform.
Educate employees on basic cyber threats. A worker experienced in cyber security issues can prevent the attack. For example, when he receives an email requesting information from his colleague, he will know to call his colleagues first to verify that they actually sent the message.