Avoid the Click Bait: Secure your Email from Ransomware & Spear Phishing Attacks

Exciting new technological innovations are changing our lifestyle everyday, and so are the new types of cyber threats making us more vulnerable. When we worry about the possibility of our latest cars and gadgets getting hacked we cannot ignore that favorite attack vector used by cyber criminals — email. As part of technological progression, we have shifted from the world of annoying spam emails to the even scarier world of targeted advanced threats. Attackers don’t want to collect a few bucks for every thousand users they could reach through email; they are targeting even bigger fish now. Being an undisputed leader of all marketing tools, email still continues to be the number one target for phishing attacks. The threat landscape is changing and attackers will always target the tools that people rely on. Email continues to be the launch pad for many advanced threat attacks. Phishing attacks delivered through email are one of the most common security challenges that both individuals and companies face in keeping their information secure.

Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises or users. Spear phishing is targeted, often as high-value assets (CEOs, CFOs, etc.), and they are believable. These messages have a link that when clicked usually directs you to a legitimate looking malicious website. If it has successfully convinced you to enter gets your private information like bank account details, passwords or credit card information, the perpetrators behind the attacks immediately cash in big. If they can’t, they sell your information indarknet markets for smaller amounts, with enough volume that they still make big money. Buyers and brokers of this private information ultimately use this private information to commit identity theft. The other phishing technique is deceiving users to click and download malware either through a link or attachment.

Phishing attacks have now been with us for well over two decades. But it’s only more recently that they have proven to be the most efficient means of launching a ransomware attack. The majority of ransomware attacks enter via email, luring employees to click on a link or execute a file. Ransomware is a form of malware that targets your critical data and systems for the purpose of extortion. Some of the known ransomware such as Cryptolocker and Locky are used to find and lock valuable files on targeted machines. To regain access, the victims will not have a choice other than forking over the ransom money or reinstall the system which eventually results in loss of data if not backed up. Ransomware attacks targets sensitive data that have financial values.

What’s more interesting about some ransomware variants is that hackers will take the utmost care to pass through spam filters by ensuring that emails are sent in appropriate languages and a genuine email addresses rather than using scattershot approach of bombarding hundreds and thousands of emails to random users.

Recently, there have been a few cases of potential healthcare data breaches which include a ransomware attack through email phishing incident and sometimes accidental release of patient data. Kentucky-based Estill County Chiropractic (ECC) recently announced on its website that it had experienced a potential ransomware attack, where an unauthorized user installed malicious software delivered through email that encrypted patient file. Washington University School of Medicine reported on its website that one of its employees responded to an email phishing scam, potentially allowing some patient information to be accessed.

Google’s Gmail service is often the target of phishing scams that have become increasingly effective in recent years. Now, a new scam has been uncovered that may very well be the most well-executed scam in recent history, making it all too easy for victims to have their Google login credentials stolen. Those credentials are then used to gain access to the victim’s Gmail account.

Apart from educating users to scrutinize emails before opening them and avoid clicking embedded links and attachments found in unverified emails, we should provide layered protection that not only detects but also prevents further attacks from infiltrating your organization.

Intelligent attacks are often beyond conventional security deployments. What we need from security vendors is effective security with low noise but high fidelity alerts.

One thing that will be common in all bad actors is their intention of behaviour. These threats can change their looks, but their behaviors are much harder to change. Especially for a well-trained behavioral analysis and machine learning engine they remain very clearly visible. Those tools have constantly proven effective in detecting disguised malicious files; more so than security tools relying on a predefined set of rules, lists, and signatures. If security vendors can connect the dots between email, web and lateral traffic, security teams can make proper decisions to isolate and remediate threats sooner.

By failing to detect and prevent potential threats early on with right security posture, organizations put their reputation and finances at risk.