BlackCloak: Protecting Executives from Targeted Cyber Attacks
Executives have long been prime targets for hackers, but in the past two years, new methods have emerged, intensifying the need for businesses to address this threat.
Attacks by organized criminal groups such as 0ktapus and Lapsus$ illustrate how hackers increasingly focus on personal devices and non-work accounts, sidestepping even the strongest corporate security controls. These attacks, often aimed at senior executives, have moved beyond traditional business email compromise to a wider set of methods that catch executives off guard.
When cybercriminals compromise an executive such as a CEO, CFO, or CIO, they inherit that person's access to sensitive company data and networks, along with their authority over employees.
The Evolving Threat Landscape
While business email compromise (BEC) has traditionally been the go-to method for attacking executives, new tactics are now emerging. Although corporate email remains a prime target, hackers are finding success in hijacking other accounts, such as Slack, Zoom, Gmail, LinkedIn, and WhatsApp. These accounts can be just as, if not more, effective in stealing sensitive information or impersonating executives to manipulate employees. The FBI even issued a warning earlier this year about an increase in BEC-style attacks targeting Zoom.
Hackers deploy several methods to hijack these accounts, including phishing, fake login pages, purchasing stolen credentials from the dark web, or using social engineering tactics to reset account passwords or guess security questions.
Mobile Device Threats
Executive mobile devices are high-priority targets due to their access to work and personal accounts, company data, network credentials, and multi-factor authentication (MFA) codes.
Two key threats to be aware of are SMS phishing (smishing) and SIM card swapping (SIM jacking). Smishing occurs when hackers impersonate trusted sources such as IT departments or software vendors via text or messaging apps to steal login details or one-time passcodes. Text messages carry no sender authentication, so a spoofed sender name looks identical to a legitimate one, and a recipient has little to verify beyond the message itself.
SIM jacking occurs when hackers trick a mobile carrier into transferring an executive's phone number to a device under their control. The attacker can then intercept phone calls, text messages, and voicemails, and bypass any MFA protection that relies on SMS codes, which is why SMS should not be an executive's only second factor.
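As an added illustration of what can be checked automatically in such messages (example code written for this page, not BlackCloak's tooling), the following Python script triages a few constructed text messages using the indicators described above: a link whose domain is not on an assumed allowlist, a shortened link, a hostname that imitates a login page, urgency pressure, a claim to be IT or support, and a request to send back a one-time code. The sample messages, the trusted-domain list, the keyword lists and the scoring weights are all assumptions made for the example.

```python
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample messages for this example (not real captures).
SAMPLE_MESSAGES = [
    "IT Helpdesk: your VPN session expired. Re-authenticate at "
    "https://corp-login.example-sso.net/verify within 15 minutes or lose access.",
    "Your package is waiting. Confirm your address: http://bit.ly/3xyz",
    "Reminder: team offsite moves to 10am tomorrow, same room.",
    "This is Okta Support. Reply with the 6-digit code we just sent "
    "to keep your account active.",
]

# Assumption: registrable domains the organisation really uses for sign-in.
TRUSTED_DOMAINS = {"example.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Tokens phishing hosts borrow to look like a genuine login page (assumed list).
LOOKALIKE_TOKENS = ("login", "sso", "okta", "verify", "secure", "auth")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
URGENCY_RE = re.compile(
    r"\b(?:within\s+\d+\s+(?:minutes?|hours?)|immediately|suspended|expired|lose access|urgent)\b",
    re.I,
)
IMPERSONATION_RE = re.compile(
    r"\b(?:it\s+(?:helpdesk|department|support)|support|security\s+team|service\s+desk)\b",
    re.I,
)
# A verb asking the recipient to act, followed within 40 characters by a code/OTP word.
CODE_REQUEST_RE = re.compile(
    r"\b(?:reply|send|provide|enter|confirm)\b.{0,40}?\b(?:code|otp|passcode|one-time)\b",
    re.I,
)


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels. Assumption: no multi-part public suffixes (co.uk) in the input."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage(text: str) -> Tuple[int, List[str]]:
    """Score a message: higher means more smishing indicators. Returns (score, reasons)."""
    score, reasons = 0, []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        base = registrable_domain(host)
        if base in URL_SHORTENERS:
            score += 2
            reasons.append(f"shortened link ({host})")
        elif base not in TRUSTED_DOMAINS:
            score += 2
            reasons.append(f"link to untrusted domain ({host})")
            if any(tok in host for tok in LOOKALIKE_TOKENS):
                score += 1
                reasons.append(f"host imitates a login page ({host})")
    if IMPERSONATION_RE.search(text):
        score += 1
        reasons.append("claims to be IT/support")
    if URGENCY_RE.search(text):
        score += 1
        reasons.append("urgency pressure")
    if CODE_REQUEST_RE.search(text):
        score += 2
        reasons.append("asks for a one-time code")
    return score, reasons


def is_suspicious(text: str, threshold: int = 2) -> bool:
    """Assumed policy: any untrusted link or code request alone is enough to flag."""
    return triage(text)[0] >= threshold


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        score, reasons = triage(msg)
        verdict = "SUSPICIOUS" if is_suspicious(msg) else "ok"
        print(f"[{score}] {verdict}: {msg[:60]}")
        for reason in reasons:
            print(f"    - {reason}")
```

The heuristics are deliberately simple and will miss a well-crafted message, which is the point the paragraph makes: the reliable control is not the filter but the habit of never acting on a link or code request received by text without confirming it through a known-good channel.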
Home Network Vulnerabilities
Hackers are also targeting executives' home networks to bypass corporate security. Many home networks are poorly secured, with weaknesses such as WiFi routers running outdated firmware and Internet of Things (IoT) devices still using default passwords. The more connected the home, the larger the attack surface. Research shows that 20% of connected homes are reachable from the internet by strangers. Additionally, 40% of data brokers collect home IP addresses, making it easy for hackers to locate and probe these networks.
Once inside the home network, attackers can access devices like laptops, desktops, and printers, and install malware or steal sensitive data. Even a home printer can be a security risk if it stores documents in memory that could be accessed by attackers.
Family Member Vulnerabilities
Family members of executives are also at risk, as they may not consider themselves targets for sophisticated cybercrime. This often results in weaker security, such as outdated software or missing patches. Hackers may target family members directly through social media or messaging apps or use social engineering to compromise their accounts. One example includes “catfishing” scams where cybercriminals manipulate family members to gain leverage over the executive.
Another tactic involves hijacking ongoing email or message conversations, injecting malicious links or attachments that the executive may inadvertently open, believing they came from a trusted family member.
Mitigating the Risk of Targeted Attacks
Preventing attacks that target executives outside the workplace is challenging, because they exploit devices, accounts, and networks that corporate security does not manage. However, several strategies can help mitigate the risk:
- Remove Personal Information from Data Brokers: Executives should work to have their personal information removed from online data brokers. This includes personal phone numbers, home IP addresses, and family details. Professional services can assist in this process.
- Secure Home Networks: Fortify home networks by updating all devices with the latest security patches, changing default passwords, and separating IoT devices onto a guest network. Having guests use the guest network as well keeps any malware on their devices away from the executive's own.
- Protect Personal Accounts: Personal accounts, especially those used for business communication such as Gmail, LinkedIn, and WhatsApp, should be protected with strong, unique passwords and MFA, preferably an authenticator app or hardware key rather than SMS codes, given the SIM-jacking risk described above.
About the Author
Dr. Chris Pierson is the CEO and Founder of BlackCloak. With over a decade of service on the Department of Homeland Security’s Privacy Committee and Cybersecurity Subcommittee, he has extensive expertise in cybersecurity. He is also the former president of the FBI’s Arizona InfraGard and previously served as the Chief Privacy Officer for Royal Bank of Scotland. Dr. Pierson is a Distinguished Fellow at the Ponemon Institute.
