An increasing number of ransomware attacks are coming through emails. It’s clear that the ease of attack vector is changing, and not for the better. On Episode 13 of The Cyber Security Matters Podcast we spoke to Ronnen Brunner, an SVP at Ironscales, about his work in selling the future of phishing protection. He shared his insights on the increase of ransomware attacks in emails and told us how we can identify and protect against these attacks.
You don’t need to be an expert in order to send a successful ransomware attack, because there are services you can just download on the dark web that will do all the hard work for you as a hacker. You can spam attacks directly to customers – you don’t need to be the sophisticated hacker sitting down and programming a credential theft or phishing attempt. You can use existing engines to attack people, and because of the ease of it, it’s become a lot more common.
There’s a lot of variety when it comes to scammers who will spam hundreds or thousands of people and those who target specific individuals. A lot of hackers are just hoping that some of their attempts at phishing will be successful, and they’re the ones focussing on quantity. Especially when you’re looking at credential safe, or Spear Phishing, they are targeting specific people by sitting in their mailbox, getting to know the regular interactions that they have and then designing a targeted attack that they won’t see coming.
These scammers can learn your pattern of the behaviour, your invoices, forms, vendors etc, and create a legitimate invoice with different bank details on it. Once a payment has been made it’s often incredibly difficult to get back. Lots of these scammers are posing as big companies, because it’s easy to make an email look like it’s coming from a reliable source. You can emulate the domain name or make it look like it’s coming from a person in the company whose information you found on LinkedIn. From speaking to these companies we know that 60-70% of attacks are coming in through their emails. They’re being targeted because of the information they put online.
We’ve seen customers trying to stop it. It’s incredibly hard because of the quantities of emails that go in and out. Some of these attacks look very sophisticated. It’s all about training people to identify what’s a ‘known dead’ and what’s a potential red flag. People need to understand malicious content and intent, then utilise machine learning or AI to sift through the information and flag any anomalies that could point to an attack. In the business we have something called ‘zero day attacks’, where there is no other indication that this email isn’t genuine. There’s no markers from our list of ‘known dead’ elements to tip you off, and that’s when these attacks are their most dangerous.
Some things to look out for are language like ‘buy these amazon vouchers’ or requests to change bank details on an invoice. These could be very simple emails that look like legitimate communications from known senders. You should always question changes to your payments. Once bank details are changed and you make a payment, you’ll notice a massive increase in emails that ask you to change the bank details for other vendors, because these hackers have figured out how to effectively steal from you.
Everybody’s seen an increasing number of attacks since the COVID pandemic, because hackers had the time to fine-tune these attacks. They’re becoming incredibly successful and sophisticated, which is why we need next generation solutions. Everybody we’ve spoken to has a fishing problem, because they’re not preparing for these attacks in their systems. Even though sometimes these attacks are stopped our email providers, there are still several getting through. People need to report phishing attempts if we’re going to get an accurate idea of the problem, and sadly that’s not happening either. We should be crowdsourcing suspicious behaviour and building a safer world together.
To find out more about keeping yourself safe online, tune into The Cyber Security Matters Podcast here.
We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.