The Oldest Trick in the Book
The lightsaber battle between Lone Star and Dark Helmet is a pivotal scene in Mel Brooks’ parody, Spaceballs. The turning point comes when Dark Helmet admits that Yogurt has taught Lone Star well and concedes that the best man has won. Conceding defeat, Dark Helmet walks over to shake Lone Star’s hand and snatches the Schwartz ring from his finger. Lone Star is dumbfounded, and Dark Helmet laughs uproariously, saying he can’t believe Lone Star fell for the oldest trick in the book.
While it could be argued that phishing is one of the oldest tricks in a hacker’s book, it remains a widely used and highly effective attack technique. In fact, in its quarterly Phishing Activity Trends Report, the Anti-Phishing Working Group (APWG) reported that the number of phishing websites observed in Q1 2016 increased 250% over Q4 2015. The United States remained the top host of phishing websites, by a wide margin over the next country on the list.
Startling New Developments
In its Q1 2016 Malware Review, PhishMe reported that 93% of all phishing emails contained encryption ransomware as of the end of March 2016, a 56% increase from December 2015. The proliferation of encryption ransomware is attributed to the fact that it is becoming easier to send and offers a quick return on investment, while other types of attacks require more work to monetize. Ransomware victims range from individuals and small and medium-sized businesses to hospitals and global enterprises. Not all encryption ransomware varieties have experienced the same level of success: Tesla and Locky account for the majority of the ransomware samples analyzed, while use of CryptoWall has diminished significantly.
The use of soft targeting increased in frequency and sophistication during Q1 2016. Soft targeting sits between mass phishing and spear phishing: rather than addressing one named individual or blasting an entire organization, these emails target people in a particular job category, often naming a specific job title or leveraging a narrative that is relevant only to a small number of people within the organization. One example is an email sent to C-suite executives about speaking sessions at an analyst event.
How to Combat Phishing
Despite the startling findings in these two reports, there is some light at the end of the tunnel, as companies are taking a proactive approach to training their employees to recognize phishing emails. A recent article in Network World reported that a key member of the WatchGuard Technologies finance team was targeted in a spear phishing attempt. Fortunately, the target had received training and recognized the email as suspicious. In accordance with his company’s policy, he alerted the proper personnel, and this particular spear phishing attempt was thwarted. WatchGuard went several steps further and conducted an in-depth investigation, playing along with the attacker to learn as much as possible.
Here at SentinelOne, we’ve also been trained to be wary of suspicious emails. Our next generation endpoint protection will stop malicious code from executing on our machines, but a credential phishing page runs no code on the endpoint at all: it is simply a convincing web page under the attacker’s control, and nothing on the machine can stop a user from typing personal details into it. We need to be wise.
We’ve heard it for years now, but it still holds true that the only way to reduce risk within an organization is a comprehensive security strategy that covers people, process, and technology. Phishing attacks are a case in point.