
Plenty of Phish in the Sea



Solutions Review’s Contributed Content Series is a collection of contributed articles written by industry thought leaders in enterprise software categories. Aamir Lakhani of Fortinet looks at some of the bait hackers are still dropping on their phishing expeditions, and why people keep biting.

As ransomware incidents continue to climb, we’re seeing that even as things change, there’s a lot that still stays the same. Bad actors are still using the same playbook – and it’s working. A recent survey on ransomware found that phishing remained the top tactic (in 56 percent of cases) that malicious actors used to infiltrate a network and launch a ransomware attack.

If it’s not broke, don’t fix it, right? In a sea of possibilities, if the same tactic continues to work, bad actors will keep using it. And phishing has proven time and time again to be highly effective, especially when it’s based in social engineering. It’s also getting easier than ever. Sophisticated phishing tool kits are sold or given away for free on many hacker forums; they can be downloaded from sites such as GitHub, and they are distributed over Tor or BitTorrent.


Preying on Human Nature

Cyber-attackers make the most of any chance they are given. They feed on human nature as well as weaknesses in security. The overarching risk that can’t be patched or corrected easily is the human factor.

We’ve all seen it: the email from a co-worker asking for an urgent response, or the email purporting to be from a magazine you subscribe to, asking you to fix an issue with your account by clicking on this link. Or maybe it seems to come from a nonprofit organization that aligns with a cause dear to your heart, with a link asking for donations.

Some of the recent examples of social engineering-based phishing attacks we’ve seen include:

  • Tax Day-based lures: No one likes paying taxes, and almost everyone fears the IRS, no matter how above-board they are. So an email purporting to be from the IRS that arrives near April 15th is bound to spark some concern. Every year, we see a number of phishing campaigns that target people who may not be as savvy about tax laws and navigating the tax system, such as new taxpayers younger than 25, taxpayers over 60, small business owners and Green Card holders.
  • COVID-19: The pandemic was rife with opportunity for social engineering attacks. For example, we saw enticing titles like “New COVID-21 Variant” and “An Urgent Computer Update” used in spearphishing emails to different security branches of the Ukrainian government. The attackers’ objectives included installing Saint Bot Downloader, which has previously downloaded infostealers and other downloaders, and stealing private files and documents.
  • The lost or forgotten password: This one is tried-and-true and not tied to any specific event, news item, or social occurrence, but we see it all the time because bad actors have determined it has a good chance of being effective. The typical delivery method is an email purporting to be from Amazon, a bank, a credit card company, etc., stating that the recipient’s password needs to be changed and urging them to click on the link to supposedly reset that account’s password.

Tackle Social Engineering From a Training Standpoint

In terms of training, it comes down to practicing good cyber hygiene and keeping your staff (all of them) up to date on the latest best practices. Employees can learn how to recognize risks, safeguard their businesses, and protect themselves with the support of broad cybersecurity awareness training. It’s important to convey that these aren’t just practices for their work life; they apply to their personal digital life, too.

Make sure your training program teaches employees to create different usernames and passwords for every app. This is nothing new, but it remains crucial. Consider including a phishing simulation service to help employees learn to spot phishing attempts. Such a service employs real-world simulations to assist enterprises in testing user awareness and attention to phishing dangers as well as to teach and reinforce proper procedures when users come across phishing attempts.

And be sure the training teaches employees these tactics:

  • Check for typos and grammatical errors. Phishing emails frequently contain obvious flaws like these. Be sure to check the sender’s email address, too, and confirm that the domain name really belongs to the organization the message claims to come from.
  • Maintain a healthy skepticism. Always be suspicious of any unusual or unexpected emails or phone calls.
  • When connected to public Wi-Fi, use a VPN. Public Wi-Fi is an easy vector for attackers to spread ransomware. By securing the connection, a VPN prevents outsiders on that network from inserting viruses.
  • Don’t divulge private information. Never share credit card numbers or Social Security numbers over the phone or via email.
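The “check the sender’s address” advice can be turned into a mechanical check that a mail gateway or a user-facing add-in could run. The following is an added example, not code from the article or from Fortinet: it parses a From: header, works out which brand the display name or mailbox name claims to be, and compares that against a small allowlist of that brand’s real domains. The brand-to-domain table, the free-mail list and the sample headers are all constructed for the demo; a production version would use a public-suffix list and a far larger brand table.

```python
"""Added example (not from the article): flag From: headers whose claimed
brand does not match the sending domain, the same check the training bullet
asks humans to do by eye.  All tables and sample headers are constructed."""

import re
from email.utils import parseaddr
from typing import Optional

# Constructed allowlist: brand keyword -> domains that brand really sends from.
KNOWN_BRANDS = {
    "amazon": {"amazon.com"},
    "irs": {"irs.gov"},
    "paypal": {"paypal.com"},
}

# Consumer mail providers a real corporate/government sender would not use.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

# Digits and symbols commonly swapped for letters in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def registrable_domain(full_domain: str) -> str:
    """Last two labels of a domain (fine for .com/.gov demos; real code
    should consult a public-suffix list to handle e.g. .co.uk correctly)."""
    parts = full_domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else full_domain


def claimed_brand(display_name: str, local_part: str) -> Optional[str]:
    """Return the known brand the display name or mailbox name claims, if any.
    Word boundaries stop 'irs' matching inside 'First National'."""
    haystack = f"{display_name} {local_part}".lower().translate(HOMOGLYPHS)
    for brand in KNOWN_BRANDS:
        if re.search(rf"\b{brand}\b", haystack):
            return brand
    return None


def check_from_header(from_header: str) -> str:
    """Return 'ok' or a short reason the header looks like sender spoofing."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable address"
    local_part, full_domain = address.lower().rsplit("@", 1)
    domain = registrable_domain(full_domain)
    brand = claimed_brand(display_name, local_part)
    if brand is None:
        return "ok"  # no brand claimed, nothing to compare against
    if domain in KNOWN_BRANDS[brand]:
        return "ok"
    if domain in FREEMAIL:
        return f"claims {brand} but sent from free-mail domain {domain}"
    # Catch 'amaz0n-accounts.com' and 'paypal.com.secure-login.net' style tricks:
    # the brand appears somewhere in the hostname, but the registrable part is wrong.
    if brand in full_domain.translate(HOMOGLYPHS):
        return f"claims {brand} from look-alike domain {full_domain}"
    return f"claims {brand} but {domain} is not a known {brand} domain"


if __name__ == "__main__":
    # Constructed sample headers, one legitimate and three typical lures.
    samples = [
        "Amazon <account-update@amazon.com>",
        "Amazon Support <security@amaz0n-accounts.com>",
        "IRS Refund Dept <irs.refunds@gmail.com>",
        "PayPal <service@paypal.com.secure-login.net>",
        "Alice <alice@example.org>",
    ]
    for header in samples:
        print(f"{header!r:55} -> {check_from_header(header)}")
```

The point of the check is not that the allowlist is complete but that the comparison is done where the eye usually fails: the display name is what the mail client shows, and the registrable domain is what the attacker cannot forge without owning it. Anything a user could be trained to notice by hand can be surfaced as a banner by the same logic.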

Bolstering Defenses From a Technology Standpoint

Use endpoint protection and firewalls to help stop cyber-attacks. Enterprises should deploy next-generation firewalls (NGFW) that can analyze traffic in both directions and look for malware and other risks. With this approach, a firewall can ascertain the origin and destination of a file and provide other crucial details that help determine whether it carries ransomware.

It’s essential to provide workers with the appropriate endpoint security. Advanced endpoint security offers proactive attack surface reduction, malware infection prevention, real-time threat detection and mitigation, and automated response and remediation processes with customizable playbooks. Putting zero trust network access (ZTNA) and multi-factor authentication (MFA) in place, and tuning them well, is important too.
Additionally, when an event is discovered, emergency incident response services can offer a prompt and efficient reaction. Finally, by using readiness evaluations, IR playbook preparation, and IR playbook testing (tabletop exercises), incident readiness subscription services offer tools and insight to assist organizations in better preparing for a cyber incident.

Security in a Sea of Threats

In the world of cybersecurity, some things never change. Phishing remains the top tactic used by bad actors to infiltrate networks and launch ransomware attacks, and social engineering remains a highly effective tactic for infiltration. However, organizations can take steps to protect themselves. Comprehensive cybersecurity awareness training is crucial for all employees, as is having a comprehensive security technology stack. By taking these steps, organizations can reduce the risk of falling victim to phishing and other cyber threats.
