Monday, Dec 23, 2019
BY: Justin Heard - Security Analytics Team
During a recent quick threat webinar, Justin Heard, manager of Nuspire’s Security Analytics Team, discussed everything there is to know about the growing threat, phishing. Here’s what he had to say:
What is phishing?
Phishing is basically the act of sending an email that can potentially have a malicious file in it. It’s the act of sending an email under false pretenses to either gain information or infect a machine. That information could be operational in nature so they’re just fishing for information. So, I send an email to you that says, ‘I’m your boss’, and that email even looks like it came from your boss, so they can do spoofing to hide what the real address is. It could say ‘Hey I need all the financials for 2019. Can you send those over to me?’ I could even send you a link and say ‘hey I need you to visit this link and log in’ when in fact, that links you to a webpage that collects your credentials without you even noticing.
It’s a dangerous tactic and is widely used based on the ease of use for hackers. They take the path of the least resistance, where all they have to do is send an email out to a bunch of people spamming them (I’m sure everyone is aware of spam emails) that contains a malicious payload with a predefined message to try and get unsuspecting users to click on those links or download those files.
What are some examples of different types of phishing scams that target organizations?
They call phishing with high level executives spear phishing, because they’re the big fish. However, a lot of phishing campaigns could be anything. With the holidays coming around I could just send an email to a bunch of people that says ‘hey you need to click this link to see where your package is’ and that link could have a malicious link. So phishing is not just from executives it can span across any facet of business or just personal users as well.
How do you recognize phishing scams?
There are a few different things you can do. For one, if you don’t know who’s sending you an email, be suspicious and stay alert. If you’re unsure about an email make sure you’re looking closer into it and try to determine if it actually came from that specific person. And just being aware and really inspect your emails. Any critical information that is being asked for, double check in person or give them a phone call if you can. The biggest thing I tell users, is to just be suspicious. Here at Nuspire we do red team exercises where we will fish your own internal company which helps everyone stay aware.
There are some technical controls that can be used with email filtering that can help identify those spam messages as well. Having an MSSP to monitor the logs that your emails produce. Say an email didn’t get caught by spam, but that URL is on a threat intelligence list, the MSSP that’s monitoring your email can pick up on that phishing attempt.
People are also the best protection. Making sure that you have people monitoring the information that’s produced from their systems and then making sure that your users are know how to spot phishing attempts to report the phishing attempts to.
What do I do if I click on a phishing email?
Definitely get a hold of your IT team and let them know. It’s better if we can catch these attacks sooner in the process. A lot of times like Emotet, it will grab all your contacts and start spamming them and sending them malicious payloads. So if that you can identify that quickly and report it to your I.T. team, or if you’re are partnering with an MSSP that’s monitoring and helps remediation, reach out to them to let them know immediately so we can look at the logs and figure out where it’s going and try to stop in its tracks. The sooner it can be identified the better.
What happens if a phishing threat goes undetected?
Phishing gets very widespread. One of the things that was in our quarterly threat report was the triple threat that had Emotet with ransomware installed in it that was using a second method for key logging in order to collect information. The possibilities are endless when it comes to phishing and if you don’t identify it quickly and get it remediated you could potentially face ransomware. You can also possibly have reputation issues where your email system is sending out a bunch of spam from your users which could contain Emotet, ransomware or malicious file.
Email is a really fast and easy way to spread this malicious content. Phishing can go from someone simply sending you to a bad webpage to complete ransomware encryption to credentials being leaked, which can open up the doors for other attacks using valid credentials. The list goes on and on when you’re talking about email as a threat vector.
What is the best solution that organizations can do today to prevent phishing?
It’s hard to completely prevent phishing, but there’s some things that can help mitigate it. One is user awareness. Second is partnering with an MSSP to watch your traffic and really understand what’s going on in your network. Email filtering solutions block some of those easy attacks to email, but a lot can be difficult to detect. Having someone looking for those malicious domains and the malicious IPs that are communicating with your network, can really help identify some of those threats.
Most organizations are concerned about user errors when it comes to phishing attempts. The first step is to be aware. For more information on becoming cyber-aware, download our cybersecurity awareness guide and start promoting a cyber-aware culture in your organization today.