Sophos has published a blog post describing its investigation into a social engineering-based attack chain that used a unique approach to get the victim to click on a malicious payload. This peer-pressure-based tactic allowed the attackers to infect the network, despite the victim quickly detecting it.
The attack began when the victim, an employee at a Switzerland-based organization, was called by attackers impersonating a delivery driver who was unable to deliver a package and needed a new address. The fake driver also said the victim would need to provide a code from the fake company so the redelivery could be authorized. The attackers then sent an email containing the code within a malicious attachment, which began infecting the victim’s network once they opened it to read the code out loud. The victim realized soon after that they were being attacked and literally pulled the plug, although the damage had already been done.
Attacks of this complexity show the lengths to which threat actors are willing to go to infect a network. Members are encouraged to integrate this example into their regularly scheduled employee training efforts, as well as to review the technical analysis contained within the blog. Read more at Sophos.