© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Conversation hijacking: when a trusted person becomes your worst enemy


Given the tremendous growth in phishing attacks in recent years, many of us have become wary of suspicious-looking emails containing links designed to trick us into handing over passwords, installing malware, or sending money.

Our guard may not be as raised when we're conversing with friends and family on our favorite messaging or email platform, however. After all, WhatsApp, Signal, and other platforms make much of their security, so surely we can relax when we're talking with people we know and trust.

This confidence might be misplaced. End-to-end encryption protects the channel, not the account at the other end of it, and conversation hijacking is an increasingly common and sophisticated form of phishing in which criminals use existing conversations to spread malware, extract credentials, or elicit money from unsuspecting victims.

Such attacks are usually highly effective precisely because they appear to be coming from a trusted source and are part of an existing communication chain. After all, when attacks are injected into ongoing conversations, they can appear natural, so if our friend or family member appears to be asking us to download an attachment or send some money, it can be hard to suspect anything is amiss.

A growing threat

Suffice it to say, conversation hijacking attacks are far less common than traditional phishing attacks, but data suggests they still happen thousands of times each month. Indeed, analysis from cybersecurity firm Barracuda shows that conversation hijacking attacks more than doubled between Q1 2021 and Q4 2021.

"Conversation hijacking, also known as vendor impersonation, is a type of targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts or other sources," the researchers explain.

Conversation hijacking is often done in conjunction with more traditional phishing attacks, as the criminal first looks to take over an account. They then spend time understanding the nature of the account, the kind of emails that come and go, and the operations conducted by the individual and their business. The aim is to be able to successfully impersonate the individual at the appropriate time, as well as accurately impersonate the procedures of the organization and the kind of deals they're engaged in.

After time spent monitoring the nature of communications, the criminals pick the most opportune moment to craft what appear to be extremely convincing and authentic-looking messages from impersonated domains in order to fool the victim into sending over money or changing payment information in some way.

A devastating attack

As such, conversation hijacking is a particularly effective form of spear-phishing, one in which high-value individuals are targeted by criminals willing to spend far more time crafting the attack because the payoff can be considerable if they get it right.

This often involves spending considerable time and effort on domain impersonation, typically registering a look-alike domain, before attempting to hijack the conversation. Domain impersonation lets criminals take the conversation outside the organization and outside its security controls. This matters because even if the originally compromised account is resecured, the attack can continue from the impersonated domain.

Conversation hijacking is often a highly researched and personalized form of attack, and this research makes it not only extremely hard to detect but also highly effective. It's a form of attack that has grown rapidly in recent years, albeit from a small base.

"Conversation hijacking makes up only 0.3% of the social engineering attacks we’ve seen in the past year. However, even in small numbers, they can be devastating for organizations," the researchers explain. "The overall volume of conversation hijacking has been growing over the years, and their popularity among hackers doubled in 2021. This is not surprising because while these attacks require a lot of effort from hackers to set up, the payout can be significant."

Protecting against conversation hijacking

So how can we better protect ourselves against conversation hijacking? The first step is to ensure that conversation hijacking forms part of your cybersecurity training and awareness programs. Your employees need to know that such attacks exist and what they look like: a familiar thread that suddenly asks for money or new payment details, or a sender domain that is one character off.

The next step is to understand that nearly all conversation hijacking begins when the attacker has taken control of an account, so account takeover protections such as multi-factor authentication are vital. Bear in mind that attackers who phish passwords can also phish one-time codes, so phishing-resistant methods such as FIDO2 security keys give the strongest protection.

Organizations can then deploy technologies, including artificial intelligence, that analyze whole conversations rather than single messages to detect attacks such as conversation hijacking that are designed to slip past traditional filters. If these are accompanied by robust policies, procedures, and guidelines ensuring that any request to transfer money or change payment details is confirmed out of band, for example by phoning the vendor on a previously known number rather than one given in the email, then you have a decent chance of fending off this growing form of cyber threat.
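As an added illustration of the conversation-level checks described above (this is example code written for this page, not code from the article or from Barracuda), the following Python script inspects raw email messages for the indicators a hijacked thread tends to carry: a Reply-To domain that differs from the From domain, a sender or Reply-To domain that is a look-alike of a known vendor domain, payment-change language in the body, and whether any of these appears in a continuation of an existing thread. The trusted-domain allow-list, the homoglyph table, the keyword list, and the three sample messages are all assumptions constructed for the example; a real deployment would feed messages from the mail gateway and tune these lists.

```python
"""Conversation-hijacking indicators in raw email. Added example, not the article's
or Barracuda's code; the allow-list, word list and sample messages are assumptions."""
import email
import email.utils
import re
import unicodedata
from email import policy

TRUSTED_DOMAINS = {"acme-supplies.com", "example.org"}   # assumed vendor allow-list
PAYMENT_TERMS = re.compile(                               # words that accompany payment diversion
    r"\b(bank|account|iban|swift|routing|wire|remit|payment details)\b", re.I)
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]


def normalize_domain(domain):
    """Fold accents and homoglyphs so look-alike domains compare equal."""
    folded = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    for src, dst in HOMOGLYPHS:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a, b):
    """Edit distance; catches one-character typo-squats such as .co for .com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(normalize_domain(domain), normalize_domain(trusted)) <= 1:
            return trusted
    return None


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    _, addr = email.utils.parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def analyze(raw_message):
    """Return the hijacking indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = domain_of(msg["From"])
    reply_to = domain_of(msg.get("Reply-To"))
    subject = str(msg.get("Subject", ""))
    # A reply, or a message referencing earlier ones, continues an existing thread.
    in_thread = subject.lower().startswith("re:") or "In-Reply-To" in msg or "References" in msg
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    findings = []
    if reply_to and reply_to != sender:
        findings.append(f"reply-to-mismatch:{sender}->{reply_to}")
    for dom in dict.fromkeys((sender, reply_to)):       # de-duplicated, ordered
        target = lookalike_of(dom)
        if target:
            findings.append(f"lookalike-domain:{dom}~{target}")
    if PAYMENT_TERMS.search(body):
        findings.append("payment-change-language")
    # The pattern the article describes: a look-alike domain or diverted
    # Reply-To inserted into a conversation that was already under way.
    if in_thread and any(f.startswith(("reply-to-", "lookalike-")) for f in findings):
        findings.append("hijacked-thread")
    return findings


# Constructed samples. HIJACKED: look-alike sender ("supp1ies") picks up a real
# thread. DIVERTED: genuine account, replies routed to a typo-squatted domain.
# LEGIT: ordinary reply from the real vendor.
HIJACKED = ("From: Dana Lee <dana.lee@acme-supp1ies.com>\n"
            "Subject: Re: Invoice 4471\nIn-Reply-To: <8f2a@acme-supplies.com>\n\n"
            "We have changed banks, so please wire the payment for invoice 4471 "
            "to the new account below.\n")
DIVERTED = ("From: Dana Lee <dana.lee@acme-supplies.com>\n"
            "Reply-To: Dana Lee <dana.lee@acme-supplies.co>\n"
            "Subject: Re: Invoice 4471\nReferences: <8f2a@acme-supplies.com>\n\n"
            "Please note our updated bank account for all future remittances.\n")
LEGIT = ("From: Dana Lee <dana.lee@acme-supplies.com>\n"
         "Subject: Re: Delivery schedule\nIn-Reply-To: <77c1@acme-supplies.com>\n\n"
         "Thanks, the next delivery is confirmed for Tuesday morning.\n")

if __name__ == "__main__":
    for name, raw in (("HIJACKED", HIJACKED), ("DIVERTED", DIVERTED), ("LEGIT", LEGIT)):
        print(name, analyze(raw) or "no indicators")
```

The "hijacked-thread" tag only fires when a domain anomaly coincides with an in-thread message, which is the combination that distinguishes conversation hijacking from a cold phishing email; the payment-language tag on its own is a prompt for the out-of-band confirmation step rather than a verdict, since genuine vendors also change bank details from time to time.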

