What is a whaling attack? How do you defend against it?

Imagine a person with malicious intent impersonating your coworker and trying to steal some of your company's most sensitive and confidential financial information. 

What would you do? 

Now imagine that the person is impersonating a member of top management, such as the CEO or CFO. 

What would you do then? 

A whaling attack is exactly like this. 

What makes it dangerous is not just the scale of the attack but also the sophistication with which it is carried out, which makes it almost impossible for a non-expert to spot the attacker.  

Only last year, GoDaddy, the world’s most renowned web hosting company, became a victim of such an attack that ended up costing them the data of their 1.2 million customers. 

Let us delve into what whaling attacks are and how we can prevent them through our guide.

What is a whaling attack? 

It is a cyber attack aimed at top management and other senior personnel of a company. It is called whaling because of the size of the target, similar to catching a whale rather than a small fish. 

These attacks target top management executives such as the CEO, CFO, and COO because they hold a great deal of confidential information that attackers can exploit. 

One thing is common to all whaling attacks: they are strategically executed phishing attacks. 

Phishing attacks are social engineering attacks carried out via email, targeted at businesses whose IT infrastructure stores a lot of sensitive personal or financial information. 

Attackers are looking to exploit that information for monetary or political motives. The attacker sends an email that is convincing enough for the victim to click on it. 

In a study conducted by Terranova Security, it was found that 67.5% of employees enter their credentials on a phishing website upon receiving a phishing email. 

Example: An employee receives an email from a sender posing as a top management executive. The mail asks them to "set up their account" on a malicious site by entering account details and personal information, which hands the attacker credentials that grant access to sensitive data. 

Example: An office worker gets an email containing a link, apparently from a recognized member of top management, with a subject line such as "your account needs action".

Once the link is clicked, their system downloads malicious software, such as a keystroke logger, that runs in the background and sends sensitive information to the attacker. 

The attacker can carry out a Denial of Service (DoS) or a ransomware attack.

What happens in a typical whaling attack? 

Some signs to look out for

According to APWG, business email compromise attacks have increased significantly from 61% to 72%, with Gmail as the primary delivery mechanism. 

In a typical whaling attack, an email sent in the name of a known person in a high position (usually the CEO or CFO) is used to perpetrate the attack. 

Attackers use free webmail providers to pose as a known person of high position, and they personalize the emails so that they look like they come from a top management executive. 

They may use your company's logo, fonts, branding, and other details. In short, they will go to any length to convince you that the mail is from a genuine person (usually the CEO or CFO). 

But how does one identify a whaling attack? Rest assured. 

We have compiled a list of things you should be aware of to distinguish a whaling attack. 

Here are some signs that you must look out for when receiving suspicious mail:

  • Strange email address: Attackers use an email address that looks similar to a real work email address. Check whether the sender's address appears in the company's official contacts list. If the mail really is from a senior official, their address will usually auto-complete when you compose a new mail, so try starting a new email to them and compare. 
  • Unknown attachments: A whaling mail may carry attachments that seem out of place. Be wary of attachments that a senior official would never send in everyday situations. 
  • Urgency and improper grammar: A mail sent by a senior official is normally carefully proofread for syntax and grammar errors, so look for easy-to-spot mistakes. Emails from whaling attackers also carry a tone of urgency, pressing you to share information quickly so that the attack succeeds before it is detected. 
  • A request to share personal or financial information: Most whaling attacks aim to steal personal and financial information. If you get an email from a suspicious address requesting any sort of financial or personal information, chances are it comes from an attacker. 
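The four signs above can be checked mechanically before a mail reaches a senior inbox. The following is an added example, not code from the original guide or from SharkStriker: it parses one message and lists which warning signs it trips, using an assumed corporate domain, an assumed executive directory, and a constructed sample message.

```python
import difflib
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed organisation settings for this example; replace with your directory data.
CORPORATE_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY_PHRASES = ("urgent", "immediately", "needs action", "asap", "right away")
FINANCIAL_PHRASES = ("bank account", "wire", "credentials", "password", "payment")
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".vbs", ".html", ".zip")

# Constructed sample message for the example, not a real capture.
SAMPLE_EML = """\
From: "Jane Doe, CFO" <jane.doe.cfo@gmail.com>
To: accounts@example-corp.com
Subject: URGENT: your account needs action
Content-Type: text/plain

Please share the bank account details and wire the payment immediately.
"""

def whaling_indicators(raw_message):
    # Returns the list of guide-listed warning signs found in one RFC 822 message.
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    display_name, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    # Sign 1: a known executive's name on an address that is not the directory one.
    for exec_name, directory_addr in EXECUTIVES.items():
        if exec_name in display_name.lower() and sender != directory_addr:
            reasons.append("executive name with non-directory address")
    if domain in FREE_WEBMAIL:
        reasons.append("free webmail sender domain")
    elif domain != CORPORATE_DOMAIN and difflib.SequenceMatcher(
            None, domain, CORPORATE_DOMAIN).ratio() >= 0.8:
        reasons.append("look-alike sender domain")
    # Sign 2: attachments a senior official would not normally send.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("risky attachment: " + name)
    # Signs 3 and 4: urgency wording and requests for financial or credential data.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    if any(p in text for p in URGENCY_PHRASES):
        reasons.append("urgency wording")
    if any(p in text for p in FINANCIAL_PHRASES):
        reasons.append("request for financial or credential data")
    return reasons
```

Calling whaling_indicators(SAMPLE_EML) reports all four signs for the constructed mail; a genuine mail from the directory address with neutral wording reports none.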

Whaling is one of the most damaging modern cyber attacks and has cost organizations millions of dollars, not to mention the loss of reputation and data.  

Modern whaling attackers are well aware of the anti-phishing measures organizations deploy, so they engage in more sophisticated attacks. They design their attacks on the basis of research into commonly used industry jargon and keywords that may catch the victim's interest. They may pose as a potential business partner, a high-value prospect, or an authoritative figure such as a government official in a customized mail. They may even go a step further, exploit a physical security weakness to plant a storage device such as a pen drive loaded with malicious software, and then send a mail instructing the victim to use it.

Commonly known motives behind whaling attacks

Here are some of the commonly known motives behind whaling attacks:

  • Personal: A whaling attack can be carried out by an attacker with a personal motive, such as damaging the company's reputation in the eyes of key stakeholders. 
  • Financial: The most common motive is financial. Top management executives are big fish in the eyes of cyber criminals because they control large amounts of money or high-value sensitive information. 
  • Corporate espionage: A whaling attack can also be carried out by an attacker hired by a competitor (domestic or international), often through the dark web, to steal sensitive company information such as trade secrets. 
  • Political: Such attacks can also be carried out by state-sponsored attackers against companies that provide essential services.

How is a whaling attack any different from spear phishing? 

Spear phishing and whaling are two terms that relate to a phishing attack.

Phishing is a term rooted in fishing, where a fisherman casts a huge net and tries to catch as many fish as he can using a range of baits. 

Whaling is when a big fish comes into the picture, since big fish have a higher value. In the cyber world, whaling is aimed at the big players, hence the name. 

A spear-phishing attack is a form of phishing aimed at specific individuals selected by the cybercriminals. The target could be any individual or group of individuals, whereas in a whaling attack only members of top management are targeted. 

Now that we have explored the subtle differences between spear phishing and whaling, let us get into some of the ways we can prevent whaling attacks. 

10 measures to prevent whaling attacks

To prepare a better mitigation strategy against sophisticated attacks such as whaling, we recommend that you seek help from cybersecurity experts who are better equipped with resources, expertise, and solutions. You can take the following steps to mitigate and prevent a whaling attack in your company:

  1. Normalize the use of general cyber security measures for email, such as setting a strong password, using multi-factor authentication, and scanning attachments before downloading them. 
  2. Ensure physical security through an assessment of physical security vulnerabilities. 
  3. Automatically block most malware and phishing emails by installing anti-malware applications.
  4. Spread awareness about whaling and social engineering attacks among your employees and all the key top management personnel who are susceptible to whaling.
  5. Set specific guidelines and rules about sharing personal and sensitive information over email.
  6. Create policies for data protection and email usage that direct users on how to detect malicious emails.
  7. Segregate sensitive information so that all of it cannot be extracted from a single source.
  8. Implement organizational email protection software that scans emails for suspicious links and blocks emails from suspicious addresses.
  9. Hire a cybersecurity company that is better equipped with personnel and expertise to build a defense against such attacks. 
  10. Engage cyber experts to conduct a comprehensive assessment of all the vulnerabilities in your IT infrastructure for long-term prevention of cyber threats. 

How can we help?

Most organizations don’t have the expertise they need to combat sophisticated attacks such as whaling. They either don’t have the right team or they lack skilled personnel. This is the main reason why cyber criminals easily penetrate their defenses by exploiting the vulnerabilities in their cybersecurity infrastructure. 

SharkStriker offers staff augmentation services wherein we provide you with the right set of personnel you need for improving your cybersecurity infrastructure. 

If you are unsure how many personnel you need or how to recruit them, don't worry. We provide these services on demand. 

In other words, we cost-effectively provide the cybersecurity experts you need, who blend seamlessly into your current team to improve your cybersecurity posture as and when required. No more delays or increased costs!

Wrapping it up

We have seen that whaling attacks are among the most sophisticated attacks, in which the attacker impersonates a CEO or CFO and attempts to steal personal or financial information through email. We have also covered the common signs that identify a whaling mail, along with the measures we can take to defend against it. 

SharkStriker is a cybersecurity company that specializes in helping organizations defend against some of the most sophisticated cyberattacks, by improving their cybersecurity posture through their services. We have a team of cybersecurity analysts, incident responders, and consultants who will help you devise strategies to combat threats such as whaling attacks. Get in touch with us to gain your own fully augmented cybersecurity services with bespoke pricing plans. 
