Danger to Human Resources Managers: Goldeneye – Job Applications as a Cyberattack Vector

A phishing attack can start with a harmless-looking job application e-mail.
The distribution of so-called Ransomware via e-mail by phishing attacks is not new, but still extremely dangerous for companies. The current wave of attacks 'GoldenEye' reaches a remarkable level of professionalism, so that even well-trained and attentive users can become phishing victims.


The spread of so-called ransomware via email through phishing attacks is not new, but it is still extremely dangerous for companies. Ransomware is malware that takes control of company data on infected systems and then demands a ransom to release the data. The current wave of attacks “GoldenEye” reaches a remarkable level of professionalism in this regard, so that even well-trained and attentive users can become phishing victims. In addition to security training, other measures should therefore be taken to help protect the company.

Social Hacking and Phishing: How Ransomware spreads

“GoldenEye” has been active for a few days and is specifically attacking companies in Germany. The e-mail disguises itself as a deceptively genuine job application, sent for example in the name of the Federal Employment Agency. It does so without the formal or linguistic errors by which phishing e-mails can otherwise often be recognized, and with a concrete reference to a real job posting. That these applications are an attack vector and thus pose a threat is often not apparent to HR managers at first glance. The attachment contains an XLS file in which the ransomware is hidden behind macros. In many cases, a perfectly legitimate PDF file is also attached, which does not cause any infection but only further underlines the credibility of the bogus application: a typical case of exploiting social norms and the gullibility of victims through social engineering or social hacking.

Phishing attacks have been at an impressive high for several years now; for example, the number of phishing e-mails increased by an incredible 789% between Q4 2015 and Q1 2016. In 2016, ransomware was mostly and very successfully spread via e-mail and, together with phishing attacks, continued to increase in frequency. Meanwhile, the professionalism of these attacks has also improved tremendously, with GoldenEye standing out for its unprecedented quality of malicious mass e-mails. Such effort was previously only invested in particularly high-value targets, such as the boss scam (also known as “CEO Fraud”), where e-mails sent in the name of the CEO ask the accounting department for account details or transfers. Now these dangerous attacks are reaching many more companies.

Due to the immense volume of business e-mails and human error, infected e-mails keep getting through despite security measures and can lead to infections of company systems, which can end up meaning data loss, production downtime or data leakage.

How can Companies prevent Phishing Attacks and Ransomware?

Sensitizing potentially affected employees through security training is an important step in preventing future phishing attacks. However, every user, no matter how well trained, is phishable. Therefore, additional security measures are advisable to avoid having to fight phishing as a permanent problem. Which specific measures make the most sense must be decided on an individual basis. Nevertheless, there are some basic tips that can contribute to security in any company without great expense.

Anti-Phishing Security Tip 1: Communicate Company Internal Information sparingly

The disclosure of information on the Internet is an effective tool for marketing and corporate communications, but it also carries a risk: attackers collect this information and use it to create professional cyber attacks. For example, the above-mentioned CEO fraud is greatly facilitated if Twitter reveals that the CEO is on a business trip and the accounting staff and their e-mail addresses are listed on the company’s website. Therefore, before any publication, be it documents, job advertisements, social media or your own website, you should always consider what a potential attacker could do with this information and whether the publication is still worthwhile.

Anti-Phishing Security Tip 2: Improve E-Mail Verification and Filtering

To protect against spoofed e-mails, corporate system administrators can configure e-mail filters to check SPF, DKIM, and DMARC records. In addition, the company's own entries should be set correctly. This mitigates the threat quickly and easily by making it easier for users to distinguish between real and fake e-mails.
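The following sketch shows how a filter can act on SPF, DKIM and DMARC results. It is an added example, not code from the original article; the gateway name `mx.example.com`, the sample message and the three filter actions are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumption: the authserv-id our own mail gateway writes into Authentication-Results.
TRUSTED_AUTHSERV = "mx.example.com"

# Constructed sample: the sender forged a "pass" header; our gateway prepended the real one.
RAW_MAIL = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.org;
 dkim=none; dmarc=fail header.from=example.org
Authentication-Results: forged.invalid; spf=pass; dkim=pass; dmarc=pass
From: Applicant <applicant@example.org>
Subject: Application for the advertised position

Please find my documents attached.
"""

CLAUSE = re.compile(r"\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Collect SPF/DKIM/DMARC results, but only from headers stamped by our gateway."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted:
            continue  # header written by someone else: never trust it
        for clause in rest.split(";"):
            m = CLAUSE.match(clause)
            if not m:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            # A mail can carry several DKIM signatures; one valid signature is enough.
            if not (method == "dkim" and results["dkim"] == "pass"):
                results[method] = result
    return results

def verdict(results):
    """Illustrative local policy (an assumption, not a standard): map results to an action."""
    if results["dmarc"] == "fail":
        return "quarantine"
    if results["dmarc"] == "pass":
        return "deliver"
    return "tag-unauthenticated"  # no DMARC result: deliver with a visible warning banner

if __name__ == "__main__":
    r = auth_results(RAW_MAIL)
    print(r, "->", verdict(r))
```

The check only holds if the gateway also removes inbound `Authentication-Results` headers that already claim its own authserv-id, as RFC 8601 recommends.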

Anti-Phishing Security Tip 3: Backup Copies in the Cloud

Corporate files can be protected as a precautionary measure by regularly storing them redundantly on independent servers and automatically synchronizing them with secure cloud storage providers. Depending on the type of attack, either the independent backup or the version history, for example in the vaulted cloud of Tresorit, can help restore data that has been blocked by ransomware.

Anti-Phishing Security Tip 4: Professional Application Portal

Job portals such as LinkedIn can be used to specifically minimize the threat posed by application e-mails with GoldenEye. In addition, an online service can be set up via which all applicants must register and upload documents by default. If an application is then submitted by e-mail, it is so conspicuous that the HR team members will pay more attention to the content.

Nevertheless, the following applies: if you have any doubts, you should not open an attachment or link from an unknown sender, but rather ask the IT department. There’s no such thing as a stupid question: if ten false alarms help prevent an attack, it saves the IT department a lot of time and trouble.

To find out where training or more extensive security measures are appropriate in your company, an independent, individual analysis is helpful. Internal employees often already have their own view of things – with the help of an independent service provider such as IT-Seal, the most efficient security measures can be identified.
