Last year saw cybercriminal groups stealing headlines along with confidential company data in waves of ransomware attacks on enterprises across the globe. Ransomware has become a prevalent problem, with malicious operators infiltrating company infrastructures, encrypting data and, in many cases, also exfiltrating stolen files that they threaten to disclose when businesses refuse to pay.
While they don’t hold the same feared reputation as ransomware assaults, phishing attacks are in fact often the first step in these cybercriminal campaigns, which can end up costing firms dearly if data regulators feel their security measures were inadequate. Phishing emails are used by ransomware groups to gain a foothold within vulnerable IT systems.
In the following sections, we’ll explore these malicious emails, including some that are tailor-made to target specific employees whose high permission levels give them greater access to confidential data records and sensitive areas of your systems.
Understanding phishing tactics
Forewarned is forearmed. Remaining informed about cyberattacks is an important part of protecting your firm. Although phishing has been plaguing cybersecurity specialists for some time, it is a constantly evolving attack vector that threat operators are always honing and adapting to improve the success of their malicious campaigns. While business email providers typically equip enterprise accounts with dedicated filters designed to identify phishing mail and block it from arriving in inboxes, these security systems must be updated constantly to keep pace with the ever-evolving tactics in play.
Cybercriminals deploying phishing scams are always enhancing and improving their techniques, developing content that can circumvent mail filters and other security solutions. To combat these tactics, the best defence is often to train the people that phishing attacks are aimed at and educate them on how to identify these fraudulent emails so they can sidestep their damaging effects.
Well-aimed phishing attacks
Phishing emails are designed to fool their recipient into taking a specific course of action. This may be to disclose confidential information directly, to download an attachment or to click on a link. Attached files may contain malware that allows threat operators to gain control of company devices, while malicious links may direct victims to spoofed log-in pages where their credentials are harvested. These stolen usernames and passwords are then used to infiltrate a company’s network even further, which is ideal for penetrative ransomware attacks. Today even more specialised phishing attacks are being used – designed to penetrate security systems and target specific victims.
Enterprise spear phishing
Spear phishing is a form of phishing attack that is directly aimed at a specific company or employee. Typical examples of this type of attack may involve an email dispatched to a firm pretending to be a trusted supplier or a missive sent to a member of staff where the attacker impersonates the company accounts department to steal personal information.
Unlike conventional phishing methods, which use a blanket approach casting a wide net by issuing hundreds of thousands of messages with the hope of snaring victims, spear phishing is far more selective.
Extensive research is undertaken before any emails are ever sent. First, all publicly available data on a company or individual victim is reviewed. With a whole host of information readily available on a company’s website, social media accounts and even in employees’ online CVs, this digital footprint holds plenty of useful data for attackers using spear phishing to shape their assaults. All this easily obtained information is then combined with other private and personal data that hackers have been able to obtain using more standard phishing schemes.
The more data gathered that is unique to the individual they seek to impersonate, the better a hacker can hone their attack and trick their victim into believing they are a trusted entity. To further enhance the authenticity of their attack, spear phishing attempts will also use spoofed email addresses, ensuring messages seem to originate from the valid address of a trusted supplier, a colleague, or even a company client.
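The spoofed sender addresses described above leave traces in the message headers that a receiving mail system can check. The Python below is an added example (not code from the original article) that parses two constructed sample messages, one spoofed and one legitimate, and lists the indicators a defender would act on: a display name that embeds a different domain than the real From address, Reply-To or Return-Path pointing elsewhere, SPF/DKIM/DMARC failures recorded by the receiving mail server, and a From domain that closely imitates a trusted one. All domains, addresses, headers and the TRUSTED_DOMAINS allow-list are assumptions made up for this example.

```python
"""Spoofed-sender indicators from email headers (added example, constructed data)."""
import email
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from typing import Optional, Set, List

# Assumption: the defender keeps a short allow-list of domains it trusts.
TRUSTED_DOMAINS: Set[str] = {"example-supplier.com", "ourcompany.example"}

# Constructed sample: lookalike From domain, mismatched Reply-To/Return-Path, failed checks.
SPOOFED_MESSAGE = """\
Return-Path: <bounce@mailer-example.net>
Authentication-Results: mx.ourcompany.example; spf=fail smtp.mailfrom=mailer-example.net; dkim=none; dmarc=fail header.from=exarnple-supplier.com
From: "Accounts accounts@example-supplier.com" <accounts@exarnple-supplier.com>
Reply-To: accounts-update@mailer-example.net
To: finance@ourcompany.example
Subject: Updated bank details for invoice 4471

Please update our payment details before settling the attached invoice.
"""

# Constructed sample: consistent headers, all authentication checks pass.
LEGITIMATE_MESSAGE = """\
Return-Path: <accounts@example-supplier.com>
Authentication-Results: mx.ourcompany.example; spf=pass smtp.mailfrom=example-supplier.com; dkim=pass header.d=example-supplier.com; dmarc=pass header.from=example-supplier.com
From: Accounts Team <accounts@example-supplier.com>
To: finance@ourcompany.example
Subject: Invoice 4471

Please find invoice 4471 attached.
"""


def _domain(address: str) -> str:
    """Lower-cased domain part of an email address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _imitated_domain(domain: str, trusted: Set[str]) -> Optional[str]:
    """Return the trusted domain that `domain` closely resembles, if any."""
    if not domain or domain in trusted:
        return None
    for candidate in trusted:
        # A ratio above 0.85 catches one- or two-character edits such as 'rn' for 'm'.
        if SequenceMatcher(None, domain, candidate).ratio() > 0.85:
            return candidate
    return None


def spoofing_indicators(raw_message: str, trusted: Set[str] = TRUSTED_DOMAINS) -> List[str]:
    """Parse a raw RFC 5322 message and return human-readable spoofing indicators."""
    msg = email.message_from_string(raw_message)
    findings: List[str] = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. The display name carries an address whose domain differs from the real From domain.
    embedded = re.search(r"[\w.+-]+@([\w-]+\.[\w.-]+)", display_name)
    if embedded and embedded.group(1).lower() != from_domain:
        findings.append(f"display-name domain {embedded.group(1).lower()} differs from From domain {from_domain}")

    # 2. Replies would go to a different domain than the one the mail claims to come from.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {from_domain}")

    # 3. The envelope sender (Return-Path) does not match the visible From domain.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and _domain(return_path) != from_domain:
        findings.append(f"Return-Path domain {_domain(return_path)} differs from From domain {from_domain}")

    # 4. The receiving mail server recorded an SPF, DKIM or DMARC failure.
    auth_results = msg.get("Authentication-Results", "").lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mechanism}=(fail|softfail)\b", auth_results):
            findings.append(f"{mechanism} failed according to Authentication-Results")

    # 5. The From domain is a near-copy of a domain on the allow-list.
    imitated = _imitated_domain(from_domain, trusted)
    if imitated:
        findings.append(f"From domain {from_domain} resembles trusted domain {imitated}")

    return findings


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(f"{label}: {spoofing_indicators(sample) or ['no indicators']}")
```

On the constructed spoofed message the function reports six indicators, and on the legitimate one none; in a real deployment these checks would sit behind the provider's SPF/DKIM/DMARC evaluation rather than replace it, since the Authentication-Results header is only trustworthy when it was written by your own receiving mail server.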
The National Cyber Security Centre (NCSC) here in the UK states on its website that even its own experts have struggled to spot the carefully crafted spear phishing attacks against enterprises and their employees now being used.
Whaling
Whaling is the name given to an even more concentrated incarnation of spear phishing. These attacks do not concern themselves with just any employee or member of middle management but focus their attentions on an organisation or enterprise’s highest-level executives instead.
These dedicated attacks are usually email-based, with content cleverly crafted to entice those in upper management positions to click on maliciously designed links or unwittingly transfer company funds to the accounts of cybercriminals, believing they are dealing with trusted entities. Complaints from clients, important legal matters and other issues that demand the attention of those in senior roles and require executive authorisation are typical templates.
Top executives are often chosen as prize targets by cybercriminals because, if successfully tricked, their captured credentials present hackers with superior access to an enterprise’s systems and data.
A comprehensive security solution
Security is of paramount importance if you outsource your IT services. Always select a provider with impeccable credentials who understands the security needs of the data you handle and the way you operate. While security protocols that are too weak will leave you vulnerable to attack, defences that are too rigid can be unyielding and negatively impact your workflow. At Cara Technology we offer a fully managed security solution for enterprises, delivering premium levels of protection and peace of mind. Contact our specialist IT team today for advice.