Recently we published an article summarising some of the findings for Proofpoint’s 2020 “State of the Phish” report.
That article focused on the rise in phishing threats over the last 12 months. However, this week we will be focusing on another concerning finding from the report – a lack of understanding when it comes to common phishing and ransomware threats.
Below we have outlined some of the most common attacks that malicious actors use. We have also provided advice and guidance on identifying these attacks, helping you to improve your organisation's resilience against them.
Malware – Only 66% of respondents were able to accurately define malware. Short for Malicious Software, malware is a blanket term for viruses, worms, trojans and other harmful computer programs which attackers use to cause damage and disruption of their victims’ systems and networks.
Ransomware – Staggeringly, even after 2017’s high profile ransomware attacks, the report indicated that only 31% of respondents were able to correctly classify ransomware. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim, promising to restore access once payment is made. However, according to the report, 22% of victims never regained access to their data after suffering a ransomware attack.
Phishing – One of the most popular attacks that malicious actors use to obtain sensitive information or access login credentials. Yet almost a quarter of respondents (24%) were unable to correctly identify phishing. These attacks are often sent via email and use threats or create a sense of urgency to deceive unsuspecting victims into clicking links and providing their sensitive data or downloading attachments, at which point malware is injected into the user’s device.
Smishing and Vishing – Smishing and vishing are variations of standard phishing attacks, but use SMS text messages or voice calls rather than emails as their delivery method. The report highlighted that awareness of these two attack types was low, at 30% and 25% respectively.
Although not featured in the Proofpoint report, it’s also important to raise awareness of Spear Phishing, Whaling and Pharming attacks.
Spear Phishing – Spear phishing attacks use the same attack techniques as standard phishing attacks but are used to target specific individuals. These are far more effective than basic phishing attacks as the attacker gathers substantially more information about their victim in preparation for the attack, making it more targeted and therefore increasing effectiveness.
Whaling – Whaling attacks are essentially spear phishing attacks targeted at senior level individuals within a company. These attacks require a significant amount of planning, but when successful can be incredibly lucrative due to the nature of the sensitive information their targets have access to.
Pharming – Pharming attacks involve malicious individuals infiltrating your computer and installing malware which redirects you to bogus sites developed by the criminal. These attacks are often initiated by sending out malicious emails which, when opened, install malware on the target's computer.
The main issue with this type of attack is that it is difficult to detect. Even if the victim manually enters the URL of the website they are trying to reach, they will still be redirected to the bogus site and tricked into sharing their login credentials or sensitive information.
How can you identify these attacks and defend yourself?
Although these attacks have different targets and methods of delivery, there are a few simple steps you can use to increase your organisation's resilience.
Defending against ransomware
Our first piece of advice is to not give in and submit to ransom demands. There are no guarantees you will regain access to your files and even if you are able to access them, the malware is unlikely to have been removed. Often, paying the ransom also leads to future ransomware demands as you are marked as a victim who has surrendered in the past.
The best way to defend against ransomware is to perform regular scanning to identify vulnerabilities within your systems and networks before they can be exploited by malware. At SES, we recommend performing Penetration Testing every year and after each major version change or upgrade. We also recommend performing regular Vulnerability Assessments in addition to Penetration Testing to routinely examine your systems for known vulnerabilities.
If you are the victim of a ransomware attack and your files are compromised, then the most effective way to remediate the threat is to restore your backups to a previously uninfected state.
Defending against phishing attacks
One of the simplest ways to spot phishing emails is by looking for od spe11ings or out of place cApiTals. These are often included in the emails to confuse spam filters. Other common signs of phishing emails include generic greetings such as “Dear Customer” or “Dear [your email address]”.
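As an added illustration (not part of the original article), the small Python checker below looks for the signs described above in a constructed sample email: digits substituted into words, odd capitalisation, a generic greeting and urgency wording. The phrase lists, patterns and the two-indicator threshold are assumptions chosen for demonstration, not a production filter.

```python
import re

# Constructed sample message (not a real phishing email) showing the signs listed above.
SAMPLE_EMAIL = """Subject: Your acc0unt has been SUSPENDED
Dear Customer,

We detected unUsual activity. Please verify your det4ils within 24 hours
or your acc0unt will be permanently suspended. Click the link below.
"""

# Assumed indicator lists; a real deployment would tune these for its own mail.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear member")
URGENCY_PHRASES = ("within 24 hours", "immediately", "urgent", "suspended", "verify your")

LEET_WORD = re.compile(r"\b[A-Za-z]+[0-9]+[A-Za-z]+\b")      # spe11ings, acc0unt (digits inside a word)
ODD_CAPS = re.compile(r"\b[a-z]+(?:[A-Z]+[a-z]*)+\b")        # cApiTals (brand names like iPhone also match)
DEAR_ADDRESS = re.compile(r"^dear\s+[^\s@]+@[^\s@]+", re.I)  # "Dear you@example.com"

def greeting_line(text):
    """Return the first non-empty line after the Subject header, or '' if none."""
    for line in text.splitlines():
        if line.strip() and not line.lower().startswith("subject:"):
            return line.strip()
    return ""

def phishing_indicators(text):
    """Collect the tell-tale signs present in an email, keyed by indicator name."""
    found = {}
    leet = LEET_WORD.findall(text)
    if leet:
        found["digit_substitution"] = sorted(set(leet))
    caps = ODD_CAPS.findall(text)
    if caps:
        found["odd_capitals"] = sorted(set(caps))
    greet = greeting_line(text)
    if greet.lower().startswith(GENERIC_GREETINGS) or DEAR_ADDRESS.match(greet):
        found["generic_greeting"] = greet
    lowered = text.lower()
    urgency = [p for p in URGENCY_PHRASES if p in lowered]
    if urgency:
        found["urgency"] = urgency
    return found

def is_suspicious(text, min_indicators=2):
    """Flag a message only when two or more independent signs co-occur (reduces false positives)."""
    return len(phishing_indicators(text)) >= min_indicators

if __name__ == "__main__":
    for name, items in phishing_indicators(SAMPLE_EMAIL).items():
        print(f"{name}: {items}")
    print("suspicious:", is_suspicious(SAMPLE_EMAIL))
```

Single hits are common in legitimate mail (a product name like iPhone, a genuine reminder), which is why the verdict requires several signs together rather than any one on its own.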
Phishing attacks are mainly focused on gaining access to your login or banking credentials and often use a sense of urgency to get you to respond to their requests. If a phone call, voicemail, email or text message asks you to log in to an online account or make a payment you were not aware of, be cautious. Legitimate companies will never ask you for your personal details in full; instead they ask for snippets of your credentials (e.g. the 1st, 4th and 6th characters of your password) to confirm your identity.
Also, never give out any of your banking credentials to anyone who has called you unexpectedly, even if they do claim to be from your bank.
Finally, a spam filter will screen your incoming emails and mark anything suspicious as spam. If a bogus looking email does make it into your inbox, mark it as spam and delete it. Never click any links or open any attachments contained within it, as doing so could install malicious software on your computer.
If you think you have been the victim of a phishing or ransomware attack, or would like advice on protecting your organisation against cyber threats, please get in touch to speak to one of our specialists.
© Financechain Limited trading as SES and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.