The impact of phishing

Phishing is the primary vector of compromise for 29% of major ransomware attacks. Interestingly, contrary to popular belief, the impact of a user clicking on a phishing email, does not manifest immediately. Typically, the actors spend on average 13 days inside the compromised network before deploying the encryption process. During this period, they would move through the network and increase their control, identify, and remove backups for increased impact.

We heard a user in one organisation opening an attachment from a phishing email and reporting it to their IT department. But because there wasn’t an immediate indication of a compromise, they closed the incident and used the reasoning ‘close call’. In the meantime, on the user’s computer, malware was laying dormant and waiting for the user to log into the company’s systems so it could intercept their credentials and send them to the cybercriminals. Some weeks later, after the attackers had propagated their control throughout the organisation, all their systems, email and backups were encrypted and held to ransom.

How to protect yourself

Do not trust emails or advertising from online florists or other gift retailers until you are sure that they are valid. Otherwise, you might be turning over your credit card information to a scammer or infect your computer with malicious software. 

Do not trust an online greeting card, particularly if it does not indicate who sent it to you. Be very wary of a card sent by “a secret admirer.” Even if you recognise the name, confirm that it was really sent from that person before you click on the link and open the card.

Do not trust special deliveries, there is no special charge for alcohol so if someone requires a credit card payment for such a delivery, just politely decline knowing you just dodged a bullet.

Do not trust anyone who indicates he or she is in love with you and then wants to communicate with you right away on an email account outside of the dating site. Claiming to be working abroad, asking for your address and poor grammar are often signs of a foreign romance scammer. Many romance scams originate in Eastern Europe… The rule still applies: THINK before you click.

How to protect your organisation

There is no magic cure for phishing, as with all social engineering, it’s exploiting the human element of your security. The most effective defence is to educate your users. Which is easier said than done.

Recently we’ve deployed KnowBe4’s Security Awareness Training platform internally in Cyberfort. Which not only provides a large repository of online training courses, but also runs simulated phishing campaigns to measure the effectiveness of the training. We’ve noticed a dramatic reduction in the percentage click rate in the few months since implementation.

We’ve been so impressed that we are now recommending it to all our clients and offering to help setup and manage the platform on their behalf.

If the thought of ransomware is keeping you up at night, then give us a call. From consultancy, to managed security awareness training to full on security operation services, we’re here to help.