Voltone Solution Partners
Email Phishing and Malware
Its been awhile since we posted as we have been in hibernation due to the brutally cold Cincinnati weather, but spring is around the corner and we are hungry! So, lets dive in to a security related post, focusing on malware and phishing as a recent report from Microsoft has found that malware has decreased globally, however phishing has drastically increased.
Most of our post are geared towards small businesses, but this post also applies to medium to large businesses, as email phishing attacks effect every user. Phishing emails are becoming more and more difficult to pick out. If a specific attack happens to a user malware can be installed to a user’s computer, these two generally go hand in hand to wreak havoc on a user’s system then potentially the entire infrastructure.
I propose the question why focus on this? Well, one of the most effective attacks is phishing emails, and the easiest way into a company. Why? Because, the end user generally lacks proper training, which accounts to 35-40% of malware attacks. Its not because an attacker broke in to the network, its due to a user clicking on a phishing email which then installed malware which in turn provided remote access for the attacker.
How do we combat phishing emails? Training the end users to pick out phishing attacks and putting through phishing email simulation training. This is generally a long process, and can be completed over many different time periods, we suggest at least 6 months. The phishing emails grow in complexity and the training increases. I’ll add in a few examples that we often come across, that are very difficult to spot.
Lets take a look at Microsoft’s report you can view it here - Microsoft Security Intelligence Report. According to the report phishing emails increased 250% over 2018, Microsoft scanned over 470 billion email messages for malware and phishing per month. Thus, increased the percentage of success for the attackers. The more emails sent, the more likelihood of an end user clicking a link and getting malware installed. So what kind of phishing emails are there? Where do they come from?
Domain Spoofing – the domain is spoofed and is the exact match of the expected domain
Domain Impersonation – the email domain looks very similar to an expected domain
User impersonation – the email comes from someone the user knows
Text Lures – text that looks like its coming from a legitimate source
Credential phishing links – these take you to a webpage to enter credentials, password resets etc.
Attachments – opening an attachment that redirects or installs malware
Links to fake cloud storage – ask users to sign in with cloud account and give permissions
Many emails come from cloud services such as AWS, Google, which makes it difficult to track down by IP address, this is considered polymorphic phishing, this allows the attackers to avoid detection and come from legitimate IP addresses. Another source we have seen is an end users account being compromised and sending a few thousand emails out within a matter of minutes. This is due to a password being taken or an email account broken into. These phishing emails come from a legitimate source, which is extremely difficult to combat against. Still the best defense is end user training.
A few items I want to reiterate here, training your end users, by far the best way to combat malware and phishing emails, secondly, having good security in place from the beginning. From your firewalls, to spam filters, to proper password security in place at your business. Many times, we have found these simple things are quickly overlooked or bypass due to making it easier for the users. Training users to use basic security principles not only at work but also in their personal lives and be challenging as most people tend to take the path of least resistance and use simple passwords, the same passwords across multiple accounts just for ease of remembering. Often IT people will open ports up without proper redirection, firewalls are not kept up to date and holes are found by the attackers. So make sure your IT consulting company is keeping your business up to date.