One significant finding published in our 1H 2022 FortiGuard Labs Threat Report is that ransomware is rampant. We’re seeing ransomware attacks becoming more sophisticated and aggressive, with attackers introducing new strains and updating, enhancing, and reusing old ones. What’s especially concerning as we look back at the first half of 2022 is that the number of new ransomware variants we identified increased by nearly 100% compared to the previous six-month period.
How does ransomware make its way into an organization in the first place? Ransomware can be delivered to an unsuspecting victim in many ways. Yet according to research, phishing is the number one attack vector associated with ransomware. This is why it’s critical for all employees to be cyber aware and cybersecurity training can make the difference from being one click away from a breach.
What is Phishing?
A phishing attack is a type of cybersecurity threat that often targets users directly through email, text message, or on social media. During one of these scams, the attacker poses as a trusted contact to steal sensitive data like login credentials, account numbers, and credit card information.
How are Phishing Attacks Carried Out?
Phishing attempts can be diverse, as attackers are continually becoming more sophisticated and creative with their techniques. Some well-known types of phishing attacks include spear phishing, clone phishing, vishing, whaling, snowshoeing, and business email compromise, to name a few.
There’s also been a reported uptick in a newer method of phishing recently, referred to as Multi-Factor Authentication (MFA) Fatigue. This is when a threat actor runs a script that attempts to log in with stolen credentials over and over, which sends an onslaught of MFA push requests to a user’s device. The intent is for the user to become overwhelmed by the stream of notifications and accidentally hit “approve,” giving the malicious actor their credentials.
What unites these exploits is that they share a common goal: identity theft or the transfer of malware.
5 Actions Security Teams Can Take to Combat Phishing
When it comes to preventing cyberattacks like phishing, your security team and your organization’s employees both have important roles to play. From having the right technologies to implementing organization-wide cybersecurity training programs, there are many simple actions enterprises can take to improve their security posture and defend against potential compromises.
Here are five best practices we recommend every enterprise implement to guard against phishing:
- Enable spam filters: This is perhaps the most basic defense an organization can take against phishing. Most email programs include basic spam filters that automatically detect known spammers. You can also purchase more comprehensive spam filters that weed out emails based on additional attributes such as headers, language, and the content within the email. Spam filters are helpful because they provide an extra layer of security for your network, which is especially important given the popularity of email as an attack vector.
- Update software regularly: Make sure that the software and operating systems your organization uses are updated regularly. Patching can harden vulnerable software and operating systems against certain attacks. Updating security tools helps them better detect and remove malware or viruses that may have inadvertently been loaded onto an employee’s laptop or phone via a phishing scheme. However, while many software manufacturers provide regular updates or notifications when a new patch is released, not all do, making it important to regularly visit your vendors’ websites to check for updates.
- Implement Multi-Factor Authentication (MFA): MFA requires a user to leverage multiple pieces of information before logging into a corporate network and gaining access to its resources. Generally, this requires implementing at least two of the three elements of MFA: something you know (like a password or PIN), something you have (like a physical token, laptop, or smartphone), and something you are (like a fingerprint, iris scan, or voice recognition.) These layers of authentication are essential in the event a scammer has already stolen the credentials of some employees. With MFA in place — especially if it includes biometric authentication — scammers are blocked from accessing sensitive data.
- Back-up data: All corporate data should be encrypted and backed up regularly, which is critical in the case of a breach or compromise.
- Block unreliable websites: Use a web filter to block access to malicious websites in the event an employee inadvertently clicks on a malicious link.
Help Your Employees Spot Phishing Attempts
According to the Verizon Data Breach Investigations Report for 2022, 82% of successful breaches involved the human element. While having the right security technologies and processes in place is undoubtedly critical for protecting an organization, humans are often the weakest link in an enterprise’s cybersecurity ecosystem. Hence, educating employees on cybersecurity best practices is a must.
When implementing an ongoing, organization-wide education program, identify key areas to cover that present the biggest risks to the end user (and inevitably your business). In the case of phishing, offer employees practical tips for identifying a potential phishing attempt. For example, encourage them to review emails closely — verifying the sender’s address, reviewing the grammar and spelling, and looking for links or attachments — before taking any action.
By: Aamir Lakhani, Global Security strategist and researcher and Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet