The Colonial Pipeline incident in May illustrates how disruptive a successful ransomware attack can be. Even though the ransom – the equivalent of around $5 million in Bitcoin – was paid, many schools, medical centers and communities were badly affected before operations could be restored.
Unfortunately, ransomware is only the end of the attack chain. According to the Verizon 2021 Data Breach Investigations Report, 85% of breaches involve a human element, such as phishing. Yet too many people see phishing as a problem exclusively with email. Hackers have gone beyond that to embrace smishing (text), vishing (phone) and social networking sites to exploit the weakest link in the cybersecurity chain – the human operator.
With the rapid convergence of employees' work and personal lives due to the COVID-19 pandemic, LinkedIn has become a particularly attractive vector of infection. It’s easy to create a fake profile and target people. Its appeal is such that many state actors use LinkedIn and other social networks to spread attacks. This was the case earlier this year when Google discovered a large-scale campaign originating from North Korea that used fake blogs, email accounts and fake social media profiles to deceive its victims.
Countless paths of attack
Phishing has also infiltrated ads, search engines, browser extensions and chat apps. Payloads include malicious browser software, scareware, fake virus alerts, bank fraud and more. HTML phishing can be delivered directly to browsers and applications. In short, phishing can bypass traditional defenses with a success rate of over 80%.
Hackers also use legitimate infrastructure such as Google, Dropbox or SharePoint to spread phishing attacks. Organizations whitelist these services, so a phishing page hosted on that legitimate infrastructure passes through easily.
People mistakenly assume that if a domain looks legitimate, the site can be trusted and accessed safely. Unfortunately, most security training focuses on helping users identify phishing emails and neglects to teach employees what to look out for on other communication channels such as SMS, phone calls and social networking sites.
Don’t trust anybody
While many organizations still rely on traditional defensive antivirus and firewall solutions, successful phishing has become easy. Teaching users about threats and not to trust anything, no matter what its source, is part of the solution. Even then, we are only human, and the risk of a breach is increasing every day.
That’s not to say it isn’t essential to keep training employees to identify the signs of malware delivered through phishing or other means. But this is not a quick fix; it must be done continuously as new threats emerge.
Bad actors have more tools that they can easily combine with automation and legitimate infrastructure. This allows them to quickly launch attacks from Azure, Google or AWS. These attacks can correlate behavioral insights about users sold on the dark web and become highly targeted at specific individuals.
The best way to combat this is to fight machines with machines. Sadly, the human resources and hours it would take to defend manually against these automated attacks are virtually unattainable – and the attacks happen too quickly for human analysts to detect and respond to them.
Follow best practices
Best practices begin with ensuring that the organization has up-to-date host-based firewalls and other protections, such as endpoint security products, in place. This is especially important in a distributed work environment where people are using their personal devices. In addition, it is imperative to keep operating systems and applications patched and up to date on all computers and devices.
An anti-phishing solution that protects against all forms of human hacking is becoming fundamental to an increasingly sophisticated defensive posture. It can perform cyber attack analysis at the device level, so that data is not transferred to the organization’s network. This protects the privacy of users regarding their personal activity and adds a layer of protection so that potentially malicious data does not enter the corporate environment.
As mentioned, regular cybersecurity training for users is essential, especially when new attack methods are discovered so frequently. Additionally, employees need to understand their personal risk as well as the risk to the organization.
Finally, if a cybersecurity event is detected, teams must work together quickly and thoroughly to understand the scale and depth of the impact and begin the recovery process. Communication is essential – partners, regulators, customers, investors and other stakeholders should be told as soon as a breach has been identified and what the recovery plan will involve. There is nothing to be gained by keeping a security event silent. Once the threat is isolated and the business has recovered its data and assets, it should use the lessons learned to update policies and procedures to be better prepared for future incidents.