ActiSoft Technology - Blog , Training

Email Phishing Is Now the Top Ransomware Attack Vector

Wed, 03 Feb 2021 15:07:20 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

But new data from security vendor Coveware in their Q4 2020 Quarterly Ransomware Report shows that phishing is now the prominent ransomware attack vector since RDP compromise is being prevented by potential victims.

There are also some shifts in payment amounts – fortunately in the favour of the victim organisations.

According to the report:

The average ransom payment decreased 34% in Q4 of 2020 to $154,108 from $233,817 in Q3
The median payment also decreased by 55% in the same timeframe from $110,532 to $49,450
Threats to disclose exfiltrated data stepped up in Q4, with a whopping 70% of ransomware attacks using this tactic (up from 50% in Q3)

Coveware speculate this decline in payment amounts is due to the ability for organisations to better recover their locked environment. And with Coveware seeing that exfiltrated data doesn’t appear to be credibly destroyed by the cybercriminal (and instead appear to be found in the hands of multiple parties, implying it’s been sold on the dark web), there is less emphasis on the option to pay the ransom and stop the publishing of the stolen data.

Phishing took over from RDP as the top overall initial attack vector, with the top attack vector varying between ransomware families. RDP picked up steam during the pandemic as many organisations sought to quickly provide remote access to their now remote workforce. Phishing has moved up as the quickest route to get malicious code into an organisation and in front of an unwitting victim user.

If you haven’t heard it yet: stop using Internet-facing RDP. Changing the ports isn’t enough; it’s time to pick another more secure technology. And for phishing, many ransomware attacks continue to make it through your email filters. You need to block attacks that have made it in your users' inbox. Turn your users into a strong human firewall with new-school security awareness training and enable your users to make smart security decisions every day.

Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximise your organisation’s potential damage and their payoff.

After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Watch Now

All 200 Million Office 365 Users at Risk by a New Global Spear Phishing Attack Spoofing Microsoft.com

Sat, 19 Dec 2020 17:58:40 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

Upon clicking the provided link, users are taken to a spoofed Office 365 logon page where credentials are captured and stolen.

According to Dark Reading’s article on the attack, a Microsoft spokesperson is quoted as saying “Contrary to claims in the third party report, Office 365 has rich in-built controls to block domain spoofing emails and enforces DMARC checks. We encourage all customers to make sure they have deployed the latest security controls in Office 365, enabled multi-factor authentication for Office 365, and train their end users to observe caution when clicking on links from unknown senders."

But given that Ironscales customers are seeing this attack, it’s evident that some are getting through to a user’s Inbox.

What’s needed is to educate users via new school Security Awareness Training on what elements of an unsolicited email should trigger their sense of suspicion. In this case, the urgency denoted to simply review some emails that may or may not be important.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Go Phishing Now!

Number of Phishing Websites Double and Unique Phishing Campaigns Triple in Q3

Thu, 03 Dec 2020 16:57:02 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

New data shows the bad guys have been working diligently to step up their game on both the front and back end of phishing attacks, despite still being mid-pandemic.

As we move towards the end of the calendar year, we’re all wondering what next year is going to hold. If this latest phishing trend data is any indication, next year is going to prove to be the year of the “phish.”

According to the Anti-Phishing Working Group’s Phishing Activity Trends Report for the 3rd quarter of 2020, phishing attacks are materially on the rise:

Q3 saw 572K unique websites used for phishing purposes. This is a 115% increase from the 3rd quarter last year and 289% increase from Q2 of this year.
Q3 saw 367K unique phishing campaigns, over triple the 118K seen the same time last year and 128K in Q2 of this year

Interestingly the number of brands targeted by phishing campaigns rose, but not as sharply as the number of websites and campaigns. In Q3, there were over 1500 brands targeted, only up 21% from 1283 in Q3 of last year.

One of the most effective ways to thwart phishing attacks is to educate the user via Security Awareness Training on the current methods, social engineering tactics, and campaign themes so users can easily spot a potentially harmful email and avoid engaging with it and assisting in its’ success.

Free Phishing Security Test

Here's how it works:

Immediately start your test for up to 100 users (no need to talk to anyone) but you can if you want
Select from 20+ languages and customize the phishing test template based on your environment
Choose the landing page your users see after they click
Show users which red flags they missed, or a 404 page
Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
See how your organisation compares to others in your industry

Go Phishing Now!

A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

Tue, 01 Dec 2020 11:15:21 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

Great for Marketing Purposes and for Phishing!

CEO - chief executive officer
COO - chief operating officer
CFO - chief financial officer or chief financial controller
CMO - chief marketing officer
CTOs - chief technology officer
President
Vice president
Executive Assistant
Finance Manager
Accountant
Director
Finance Director
Financial Controller
Accounts Payable

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.

The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker.

I don't have to tell you the risks that this brings related to CEO Fraud, also known as Business Email Compromise. ZDNet has the full story.

Get Your CEO Fraud Prevention Manual

CEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

Get Your Manual

Want to know and monitor the Dark Web for your organisations credentials? Check out our DomainWatch service

Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication

Wed, 04 Nov 2020 09:04:00 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

Threat groups like Belugasturgeon are hiding within Exchange traffic to obfuscate both command relays and data exfiltration
Hackers are attempting to gain access to Exchange servers responsible for the Client Access Server role to deploy web shells that facilitate the harvesting of credentials during an Outlook on the Web session.
Belugasturgeon even went as far as to register one of their pieces of code as a Microsoft Exchange Transport Agent (reputable transport agents include antivirus, mail filtering, etc.) so that they could gain access to email passing through Exchange and be able to create, modify, or delete messages.

This level of sophistication makes it clear that the bad guys are willing to do whatever it takes to gain access to your credentials and email.

While the means to mitigate the issues mentioned above likely revolves around keeping any Exchange systems you still manage up to date with patching, it’s still important that users be vigilant around any abnormal communications issues – emails not being received by an intended recipient or not receiving an email from an external party could both be signs that, (assuming the user in question is involved with either a financial aspect of the organisation, intellectual property, customer data, or employee information) a bad guy could be messing with your email conversations and inserting themselves in a case of business email compromise.

Get Your CEO Fraud Prevention Manual

Get Your Manual

The Geography of Business Emails Compromise

Tue, 03 Nov 2020 13:32:08 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

“A quarter of the BEC actors we identified globally were located in the US, operating in 45 states and the District of Columbia,” Agari says. “Nearly half these scammers were located in five states: California, Georgia, Florida, Texas, and New York Many of the BEC actors in our dataset were clustered around a handful of US cities. The largest of these were based in and around Atlanta, GA, with 7% of all US-based BEC actors operating in this metropolitan area.”

The US government isn’t letting these actors operate unperturbed—the Justice Department has arrested dozens of people allegedly involved in these schemes. Still, the number of BEC attacks originating in the US is notable, considering that Europe only accounts for 6%, the Middle East for 4%, and the Asia-Pacific for 2%.

“It’s well-known that organizations within the United States are preferred targets for BEC actors. Some groups our team has researched, such as Exaggerated Lion, have exclusively targeted US-based businesses, for instance. But it may be surprising to some that a quarter of all BEC actors operate from within the US.”

Agari adds that BEC activity is on the rise in other countries as well.

“Because of the impact of BEC attacks globally, law enforcement in Nigeria has become more aggressive in recent years, which has caused BEC actors to migrate to other countries,” the researchers write. “Additionally, the significant return on investment from BEC scams has led far more sophisticated Eastern European cybercrime groups, like Cosmic Lynx, to get into the game. This only increases the geographic distribution of BEC attack sources.”

BEC attacks are extremely profitable, so criminals put a great deal of effort into refining their tactics. New-school security awareness training can help your employees thwart targeted social engineering attacks.

Agari has the story.

Get Your CEO Fraud Prevention Manual

Get Your Manual