Blog
In the past, cyber-security threats typically involved obtaining information from systems that attackers could use for supplementary crimes such as identity theft and extortion. Fast forward to present, and cybercriminals have progressed to directly demanding sums money from victims by holding their systems, devices and company data hostage. This strain of malware attack, in which data is encrypted, and victims are pressured to pay for the decryption key to restore access, is known as ransomware and it has grown hastily since 2013.
Ransomware attacks are often propagated through file-sharing protocols and have also been distributed through phishing campaigns that disguise the payload as maliciously crafted instructions, images or as executables attached to the email itself.
The financial impacts, business interruptions and brand damage these attacks can inflict can drive an organization to its knees in a very short period of time.
In summary:
What is ransomware? Ransomware is malware. The hackers demand payment, most often via cryptocurrency or prepaid credit card, from their victims to regain access to an infected system, device and ultimately stored data.
Why does ransomware matter? Simply put, due the sheer ease of deploying ransomware, cybercriminals increasingly rely on such ransomware to generate profits.
Who does ransomware affect? While individuals were traditionally targets, businesses ranging from large scale enterprise to SMBs are now targeted with increasing frequency. Enterprises are more likely to have deep pockets from which to extract a ransom, whereas SMBs are less likely to have security measures in place, thus making themselves easier targets.
How does ransomware spread? Ransomware attacks are commonly propagated through file-sharing protocols, weak passwords and are also heavily distributed through carefully designed phishing campaigns.
How do I protect myself from a ransomware attack? A variety of tools developed in collaboration with law enforcement and security firms are great resources to help reduce the potential for an attack.
Phishing
Despite being one of the oldest cyber-attacks in the book, phishing remains as popular as ever in 2019 and one of the primary methods that attackers utilize to target end users and infiltrate organizations of all sizes. In house security and risk awareness programs, nevertheless, do not prioritize phishing prevention nearly enough. Phishing exploits still work in 2019 because hackers are studying their targets and employing techniques to get past email content security filters.
Once a carefully crafted phishing email lands in front of an employee, even your most security conscious employee may find themselves fooled by the clever social engineering tactics. Attackers often use psychological tricks to encourage users to take actions they may not usually take; preying on an individual’s desire to be helpful, or their natural inclination to do what an authority figure has requested of them. The tactics have become increasingly more sophisticated and difficult to detect, adapted based on relative success rates over time, industry and other carefully observed variables.
At this point, cyber awareness training alone is inadequate protection from phishing. In order to improve your organizations odds of enduring a clearly crafter phishing campaign, a layer approach, combining technical controls and user awareness is an absolute requirement. Each layer of this approach acts as a “safety net” in the event one of the other layers in place fail.
These layers should include:
Technical controls to protect end users. An organization can greatly reduce the likelihood of a malicious email landing in your employees’ inboxes with the use of security solutions as a first line of defense. Some common technologies included in this layer are email content filters, email authentication and threat intelligence software.
Awareness training for your staff to recognize suspicious emails. Creating awareness amongst all levels of staffing is the last line of defense should your technical controls fail to remove and/or identify malicious content. In order to keep your employees keen at detecting phishing attempts, training and simulation campaigns must be ongoing. As well, it’s important to have a plan in place for reporting phishing in order to measure the performance of your staff in these events. It is important to remember not to point fingers at the users who may fall for such simulations as this can lead to a user base who is less likely to follow protocol in a real-world attack.
Preparing for an Incident. Unfortunately, despite any organizations best technical and human efforts, some of your employees will eventually be phished. If all else fails, your organization much be prepared to respond to these incidents in order to limit the impact of a successful attack. Additional technological measures, including browser isolation and multifactor authentication procedures can also greatly limit the impacts of a phishing attack. As well, having an incident response plan prepared in advance also aids in the quality and speed of the recovery process.
For more information, please do not hesitate to contact us to learn about the services we can offer to upgrade your security posture.