Bait and Tackle: What Can Be Done About Phishing?
Last month, Juniper Threat Labs released research on a new Trojan-delivered malware named 'Masad Stealer’. This malware targets a messaging application to steal user data, including Cryptocurrency wallets, credit card information, discord data and more. The developers sell this malware “off the shelf”, so we’re likely to see it crop up again and again, but this does not make it a common form of attack.
The most common form of attack today is still phishing, with literally millions of emails received and dealt with daily. According to a recent report on smallbiztrends.com, on average, five emails that we receive per day are phishing messages. Nearly a third of these emails will make it past any basic security and into an email client, meaning this is a threat to take seriously.
In our latest webinar, The Human Element: Data Protection is More Than Machines, we focused on the history of phishing, spear-phishing and the type of payloads – including ransomware – that are commonly delivered in these attacks. What is it that makes phishing so successful and what are the key factors that allow phishing attacks to keep happening?
Users and user awareness are still a challenge. Users continue to fall victim to phishing attempts by either opening attachments or clicking on links in emails. Outside of the IT organization, it is not uncommon for users to only receive basic security awareness training, often as part of onboarding or only once per year. Ongoing investment in security awareness training is critical to helping employees be able to spot attacks and keep phishing out of the business. With regular training, users will be more aware of what threats look like, as well as more likely to spread their knowledge by talking about it with colleagues.
The value of personal data has dropped. Put simply, there’s so much personal data out there that people don’t want (or need) to pay high prices anymore. We have seen a shift from pure information-stealing phishing tactics toward emails with a payload to deliver, including ransomware and malware. There has also been an increase in the number of people willing to pay the ransom in order to regain access to data, particularly in local government, education and healthcare, where the cost to mitigate the damage often outweighs the amount of the ransom.
Phishing is cheap, but it uses advanced technology. We have become accustomed to receiving spam. Now cybercriminals are adopting machine learning to improve the content and social networking tools to better target individuals, making it possible for them to mimic genuine emails. Keeping users educated on the latest tactics and up to date with security training is one of the best ways to protect against an attack getting hold of business data.
"Patch, patch, check for new patches and patch again!"
Businesses don’t always keep up. The challenges facing overstretched IT teams make it hard to keep ahead of everything. Three of the most common areas that get overlooked are also among the most common areas where attacks occur:
It’s not possible to stress enough the importance of patching an environment. This may be one of the most basic activities that is undertaken, but patches address vulnerabilities – and vulnerabilities are what enable cybercriminals to gain access to systems. Patch, patch, check for new patches and patch again!
This comes in very close second place to patching. Having a strong, well-tested backup process could mean the difference between up and running smoothly or paying the ransom for some organizations. If you can get an immediate handle on spreading malware, it may just be a case of restoring images to get up and running again.
BYO and IoT are now becoming very closely aligned. We used to think of BYO as bringing a laptop to work, which in most cases, people are amenable to having corporate security tools installed to keep their device safe. More of a concern is the more mature BYO that relates to bringing personal IoT devices to work and connecting them to the corporate network. Many of these devices do not have strong security or may not be set up by the user properly so they can circumvent IT processes. This is a huge risk because vulnerabilities and weaknesses in IoT can potentially be used by criminals to gain access to data and systems.
Organizations need to consider layers of security to keep email attacks out of the business. In recent years, we’ve seen an evolution from on-premises email to cloud-hosted solutions, which come with email security built-in. But what about the ones that slip the net? Advanced Threat Protection and Prevention solutions include next-generation capabilities to detect potential malware in attachments, then detonate and remove it before delivery to the user. In addition, they make use of reputation threat feeds to recognize when content contains links to high-risk websites or IP addresses and prevent the content from getting to an end-user.
With Advanced Threat technologies in place, the next area to consider is how to better leverage them across all the data that multiple solutions are creating.
This is where Security Automation is a powerful tool. By taking advantage of the data you have on the network, in security devices and from threat feeds, policies can be created and applied to ensure early notification of potential threats and better protection of your environment.