How hackers use phishing emails in ransomware attacks
Phishing attacks work because people like to click on things. Hackers carefully tailor attacks to their victims by collecting publicly available personal information about them and playing to their sense of urgency to get a response. The attackers only need one person within your organization to click on the link or open an attachment. A lot of the time the goal of the attack is to capture account credentials, allowing the hacker to move laterally across the company and ransom the entire organization.
Traditional ransomware has exploited known vulnerabilities to hack into organizations. The problem for cybercriminals is that today a lot of these vulnerabilities have been patched and are not as easy to exploit. This pushed hackers to combine phishing and ransomware into a perfect attack vector where hackers get a backdoor into organizations because people click on links from sources they think they trust.
Protect your users from phishing attacks
Organizations looking to protect themselves against these new tactics used to spread ransomware should first focus on protecting their credentials and access. This requires a two-pronged approach: first invest in detection and response tools and then focus on training your users.
Email protection technology should focus not only on the detection of malicious payloads delivered through links or attachments, but also recognize when attacks use social engineering tactics designed to bypass filtering technology and trick users into action. It should look for malicious intent within an email, even when it does not include a malicious payload. Email security that uses machine learning algorithms can detect social engineering attacks with a higher degree of accuracy, looking for the smallest deviations from usual communication patterns.
Protecting users’ credentials can’t be done without proper protection against account takeover. Multi-factor authentication (MFA) remains a best practice and is something that should be adopted by every organization today. However, it’s not a silver bullet, and it’s not always enough. Hackers find ways to get around MFA either by tricking users into installing malware on their verification devices or giving fake apps access to their accounts. Organizations need to have account takeover protection in place that will quickly identify and alert about a malicious activity such as suspicious log-ins or attacks launched from compromised accounts
As the last line of defense, it’s crucial to train your clients’ employees and end-users to recognize and report attacks. Make security awareness training and phishing simulation part of your email security solution. Talk to your IT provider about this – if they’re not offering it, you need to switch IT providers. Historically, phishing attacks were associated with email only, but today’s cybercriminals will use other channels such as SMS and voice. Use phishing simulation for emails, voicemail, and SMS to train end-users to identify cyberattacks, test the effectiveness of your training, and identify those most vulnerable to attacks.
