Dive Brief:
- Senior level corporate executives are increasingly being targeted by sophisticated cyberattacks that target their corporate and home office environments and even extend to family members, according to a study released Monday from BlackCloak and Ponemon Institute.
- About 42% of organizations surveyed had a senior executive or an executive’s family member attacked over the past two years. The study is based on a survey of more than 550 IT security leaders.
- These attacks often lead to the theft of sensitive company data, including financial information, intellectual property or other information. In one-third of these cases, hackers are reaching these executives through insecure home-office networks used during remote work.
Dive Insight:
The report highlights the threat of sophisticated attacks against C-suite executives and board members, particularly at a time when corporations are operating in hybrid working environments with employees working from remote locations.
“Cybercriminals have long focused on executives in traditional corporate network attacks, since they are a bigger prize when attempting to commandeer accounts and gain access to systems,” Chris Pierson, founder and CEO of BlackCloak, said via email. “However, what has changed in recent years is that cybercriminals have realized that most executives are almost completely unprotected outside of their corporate accounts and devices.”
These executives are therefore more susceptible to social engineering attacks, malware infections and targeted attacks on their home networks, Pierson said.
The report backs up recent evidence of attacks targeting C-suite and senior level executives, board members and other key personnel.
In late May, Microsoft reported cybercriminals using sophisticated business email compromise attacks to target corporations. Threat actors leveraged residential IP addresses to make the intrusions appear to be locally generated and evade security alerts, Microsoft found.
Those attacks targeted senior executives who had privileged access to employee records and corporate financial data.
In early May, Dragos reported an attack where criminal actors leveraged a brand new employee to access certain company systems and then tried to extort senior level executives at the firm. The criminals reached out through the personal emails of those executives and even reached out to individual contacts of those executives.