The other day I was looking at Facebook and a post appearing to come from one of my relatives outlining how they had made easy money based on a guide on a website they had found. The post seemed out of character and therefore I treated it with a healthy amount of paranoia. Having contacted my brother in law via text it became apparent he hadn’t posted the comment on social media. He had in fact been hacked however prior to my text he was unaware.
This highlights the dangers of lateral attacks. Rather than come straight at us the cyber criminal attempts to get to us via a trusted person or organisation. Due to the increasing cyber risk we are all becoming more sensitive to the potential malicious approaches by strangers and how these may in fact be malicious. The cyber criminals have therefore pivoted to trying to use one person or one organisations accounts to gain access to others. As such they will look at the contacts of a compromised email account and then approach these contacts using the compromised account to send the emails hoping that the fact the sender is someone we are familiar with and therefore trust that we will be less suspicious and more likely to click the links or open the attachments.
Given the fact the number of breached accounts now outnumber the number of people on the planet it is no surprise that the lateral attack is becoming more common.
The fact an email comes from someone we don’t know is no longer the key indicator of a malicious email as increasing the emails may come from those we know. More than ever there is a need for healthy paranoia in how we deal with all communications we receive.
We also need to be more vigilant of unusual activity on our own accounts which might signal an account compromise and a malicious outsider trying to quietly use our accounts for lateral attacks on our friends, colleagues and other associates.