Cybercriminals are evolving their attack techniques, using ever-more cynical methods to separate organisations from their money. Tom Cartlidge, Head of Threat Intelligence, Six Degrees, offers insight on the latest phishing trends to enable organisations to adapt and take the appropriate measures to mitigate risk in the developing cyberthreat landscape.
In hindsight, the early days of phishing emails seem almost impossibly quaint. We lived in a far less cybersecurity-aware world a decade ago and cybercriminals were often able to catch victims out with phishing emails telling tall tales of long-lost relatives and wealthy princes. However, when we fast-forward to 2020, we find people are far more aware of the phishing email threats they face and how to spot them. Unfortunately, cybercriminals are far more sophisticated in 2020, too.
Since the UK government enforced a nationwide lockdown to tackle the spread of Coronavirus, cybercriminals have become increasingly busy targeting remote working users with phishing attacks. Here we consider the latest phishing trends and share some guidance around how organisations can adapt to keep the cybercriminals at bay.
Phishing trends: Phishing as an attack launchpad
When analysing phishing trends, it’s important to understand that phishing emails are often a means to an end – not an end in themselves. In a recent high-profile attack, cybercriminals dubbed the Florentine Banker launched a sophisticated cyberattack on three large finance sector firms, attempting to transfer £1.1 million to unrecognised bank accounts. To date, around half of the money has been recovered. The initial phishing emails served as a launchpad for a more sophisticated attack in which the cybercriminals created lookalike domains to divert emails and convince the victims to make the malicious payments.
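Lookalike domains of the kind used in the Florentine Banker case are detectable on the defender's side: an organisation knows which partner domains it legitimately exchanges invoices with, so any sender domain that is a near-match (one or two characters off, or differing only in look-alike characters) deserves a flag. The script below is an added example and is not code from the article or from Six Degrees; the trusted domains, the mail-log lines and the log format are all constructed for illustration.

```python
"""Flag sender domains in a mail log that closely resemble a trusted domain.

Added example, not from the original article. TRUSTED_DOMAINS, SAMPLE_LOG and
the "from=<...>" log format are constructed assumptions for the demonstration.
"""
import re
from typing import List, Tuple

# Constructed: domains the organisation and its finance partners really use.
TRUSTED_DOMAINS = ["examplebank.com", "acme-supplies.co.uk"]

# Constructed sample mail-log lines; only the sender domain is inspected.
SAMPLE_LOG = """\
2020-06-01 09:12:03 from=<invoices@acme-supplies.co.uk> to=<ap@example.org> status=accepted
2020-06-01 09:15:44 from=<invoices@acme-suppIies.co.uk> to=<ap@example.org> status=accepted
2020-06-01 10:02:10 from=<newsletter@retailer.example> to=<ap@example.org> status=accepted
2020-06-01 10:30:55 from=<payments@examplebank.co> to=<ap@example.org> status=accepted
2020-06-01 11:01:17 from=<alerts@examp1ebank.com> to=<ap@example.org> status=accepted
"""

FROM_RE = re.compile(r"from=<[^@>]+@([^>]+)>")


def fold_homoglyphs(s: str) -> str:
    """Map characters that look alike in common fonts onto one canonical form,
    so 'acme-suppIies' (capital I) and 'examp1ebank' (digit one) fold onto the
    same string as the genuine domain. Applied to both sides before comparing."""
    s = s.lower().replace("rn", "m").replace("vv", "w")
    return s.translate(str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l"}))


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,          # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted: List[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> str:
    """Return 'trusted' (exact match), 'lookalike' (near-match after homoglyph
    folding, within max_distance edits) or 'unrelated'."""
    d = domain.lower()
    if d in trusted:
        return "trusted"
    folded = fold_homoglyphs(d)
    for t in trusted:
        ft = fold_homoglyphs(t)
        if folded == ft or levenshtein(folded, ft) <= max_distance:
            return "lookalike"
    return "unrelated"


def scan_log(log: str, trusted: List[str] = TRUSTED_DOMAINS) -> List[Tuple[str, str]]:
    """Return (sender_domain, verdict) for every log line whose sender domain
    is a lookalike of a trusted domain; exact and unrelated senders pass."""
    findings = []
    for line in log.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        domain = m.group(1)
        if classify_domain(domain, trusted) == "lookalike":
            findings.append((domain, "lookalike"))
    return findings


if __name__ == "__main__":
    for domain, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict}: {domain}")
```

On the constructed log this flags `acme-suppIies.co.uk` (capital I for l), `examplebank.co` (one character short) and `examp1ebank.com` (digit one for l), while the genuine `acme-supplies.co.uk` and the unrelated newsletter sender pass. The edit-distance threshold is a tuning knob: two edits is reasonable for domains of this length, but against very short trusted domains it will produce false positives, so in practice the rule is best applied only to mail that also touches finance or payment workflows.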
The Florentine Banker is a fascinating case and cybercriminals certainly see credentials for the likes of Microsoft 365 accounts as high-value targets. However, many – if not most – phishing emails today are sent by cybercriminals as a launchpad for the latest cyberattack trend: double-extortion ransomware.
The rise of double-extortion ransomware
Ransomware is a form of cyberattack usually carried out by cybercriminal groups for financial gain. In a typical ransomware attack, cybercriminals penetrate a target organisation’s network, most often by sending individuals in the organisation a phishing email that carries malware, and sometimes by exploiting a vulnerability in the organisation’s network.
Once the malware is inside the network, the attackers conduct reconnaissance and further activity to gain the access they need to execute the ransomware. When this is done, the target organisation’s network is encrypted and effectively unusable until either a ransom is paid or the organisation reverts to backups to bring the network back online.
This may all be fairly familiar so far. What is relatively new is the trend for double-extortion ransomware attacks. Double extortion first became a prominent tactic from late 2019 onwards, as an additional way to make money. As part of the ransom demand, the attackers also threaten to leak stolen data onto the Internet. The intention of double-extortion ransomware attacks is to shame victims into paying a ransom, even if the appropriate backups are in place to mitigate a traditional ransomware attack.
Many double-extortion ransomware attacks lead to sensitive data being publicised on social media. By mid-2020 there was an increasing trend for cybercriminals and security researchers to publish screenshots of the stolen data. This means that often the first public indication that an organisation has been hit by ransomware is stolen sensitive information appearing on social media.
Adapting to keep cybercriminals at bay
Double-extortion ransomware attacks are a relatively recent development in the cybersecurity landscape. By adding a layer of reputational damage that goes beyond typical phishing and ransomware attacks, they present an even greater risk to target organisations. As many of these attacks use phishing emails as a launchpad, organisations should be proactive in their approach to cybersecurity if they are to remain safe from compromise.
If you’ve been playing along at home you can probably guess the first piece of advice for how to adapt to keep cybercriminals at bay: implementing multi-factor authentication for mail filtering software. In 2020, there really is no good reason for not using multi-factor authentication to control access across an organisation’s entire infrastructure. Cybercriminals can and will exploit any vector they can to launch cyberattacks across an organisation; multi-factor authentication makes their jobs much, much harder.
But the latest phishing trends also warrant a broader assessment of an organisation’s cybersecurity posture. Here are four ways organisations can protect themselves more effectively from the latest phishing trends and other cyberattacks:
- Implement multi-factor authentication – Using multi-factor authentication for access to Microsoft 365 and other accounts will repel the vast majority of cyberattacks.
- Email security – Email is by far the number one vector for attackers to infiltrate organisations’ networks and phishing emails are the number one threat in the email space. Organisations should incorporate a robust email security solution to protect themselves from such attacks.
- Educate employees – Proper and ongoing education of employees around the evolving threat landscape will ensure they are able to identify and address phishing emails when they slip through the net and enter their mailboxes.
- Notification – If a breach has been detected in an organisation, the organisation should make sure to notify all of its business partners as well – any delay in notification only works for the benefit of the attacker.
Adapting to phishing trends
As we transition into the ‘new normal’ way of working together, we should all be proactive in our approach to handling the cyberthreats we face. By understanding developing phishing trends and other cyberattack methods, we can implement measures to keep cybercriminals at bay and protect our organisations from financial, operational and reputational damage.