Author: David Kelm, 12 December 2016
The distribution of so-called ransomware through phishing e-mails is not new, but it remains extremely dangerous for companies. Ransomware is malicious software that takes control of company data on infected systems and then demands a ransom to release the data again. The current "GoldenEye" wave of attacks reaches a remarkable level of professionalism, so that even well-trained and attentive users can become phishing victims. In addition to phishing safety trainings, further measures should therefore be taken to help protect the company.
Social hacking and phishing: How ransomware spreads
"GoldenEye" has been active for a few days now and is targeting companies in Germany. The phishing e-mail carrying the ransomware is disguised as a deceptively genuine job application sent on behalf of the German Federal Employment Agency. It contains none of the formal or linguistic errors that often give phishing mails away, and it refers concretely to a real job posting. An XLS file is attached in which the ransomware is hidden behind macros. In many cases, a perfectly legitimate PDF file is attached as well, which does not cause an infection but only underscores the credibility of the sham application: a typical case of exploiting social norms and the good faith of the victims through social engineering or social hacking.
Phishing attacks have been at an impressive high for some years now, with the number of phishing e-mails increasing by an incredible 789% between Q4 2015 and Q1 2016. In 2016, ransomware was widely and very successfully distributed via e-mail, and its incidence has continued to increase together with the phishing attacks. In the meantime, the professionalism of these attacks has improved enormously, and GoldenEye is characterized by a hitherto unprecedented quality of malicious mass e-mails. Until now, this much effort has only been invested in particularly high-value targets, for example in CEO fraud, where e-mails sent in the name of the CEO ask the company's accounting department for account data or transfers. Now these dangerous cyber attacks are reaching even more companies.
Due to the immense volume of business e-mails and due to human errors, the infected e-mails slip through again and again despite security measures and can lead to infections of the company systems, which can ultimately lead to interruption of production or loss of data.
How can companies prevent phishing attacks and ransomware?
Raising the awareness of potentially affected employees through security trainings is an important step to prevent future phishing attacks. Yet even well-trained users are phishable. For this reason, additional security measures are recommended to protect against the persistent problem of phishing. Which measures make the most practical sense depends on each company's individual circumstances. Nevertheless, there are some basic tips that can contribute to security at low cost in any company.
Anti-phishing security tip 1: Communicate company internal information sparingly
The disclosure of information on the Internet is an effective tool for marketing and corporate communications, but it also carries a risk: attackers collect this information and use it to create professional cyber attacks. For example, the above-mentioned CEO fraud is made much easier if an attacker can read on Twitter that the CEO is on a business trip and the accounting staff and e-mail are listed on the company's website. Therefore, before any publication, be it documents, job advertisements, social media or your own website, always consider what a potential attacker could do with this information and whether the publication is still worthwhile.
Anti-phishing security tip 2: Improve e-mail verification and filtering
To protect against spoofed e-mails, corporate system administrators can configure e-mail filters to check SPF, DKIM, and DMARC records. In addition, the company's own entries should be set correctly. This is a quick and easy way to mitigate the threat, because it makes it easier for users to distinguish between real and fake e-mails.
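As an added illustration of checking that your own entries are set correctly (this is not code from the original article), the following Python example lints SPF and DMARC TXT records offline and reports settings that leave spoofed mail unenforced. The function names are hypothetical, and the records for example.com and example.net are constructed placeholders rather than real DNS data.

```python
# Added example; function names are hypothetical, records are constructed.

def lint_spf(txt_records):
    """Findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return permerror"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    findings = []
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    has_redirect = any(t.startswith("redirect=") for t in terms)
    if all_term is None and not has_redirect:
        findings.append("no 'all' term: unlisted senders evaluate to neutral")
    elif all_term in ("all", "+all"):
        findings.append("'+all' authorises every sender")
    elif all_term == "?all":
        findings.append("'?all' is neutral: no verdict on unlisted senders")
    return findings

def lint_dmarc(record):
    """Findings for the TXT record at _dmarc.<domain> (None if absent)."""
    if not record or not record.lower().replace(" ", "").startswith("v=dmarc1"):
        return ["no valid DMARC record published"]
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: receivers take no action on failing mail")
    if tags.get("pct", "100") != "100":
        findings.append("pct is not 100: policy covers only part of the mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports are received")
    return findings

# Constructed sample records for the placeholder domain example.com.
WEAK_TXT = ["v=spf1 include:_spf.example.net ?all", "unrelated-verification=abc"]
WEAK_DMARC = "v=DMARC1; p=none"
STRICT_TXT = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"]
STRICT_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
if __name__ == "__main__":
    print(lint_spf(WEAK_TXT) + lint_dmarc(WEAK_DMARC))
```

The SPF check looks only at the top-level terms of the record and does not follow `include:` or `redirect=` targets.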
Anti-phishing security tip 3: Backup copies in the cloud
Corporate files can be protected as a precautionary measure by regularly storing them redundantly on independent servers and automatically synchronizing them with secure cloud storage providers. Depending on the type of attack, either the independent backup or version history, for example, in the vaulted cloud of Tresorit, can help restore the data that has been blocked by ransomware.
Anti-phishing security tip 4: Professional application portal
Job portals such as LinkedIn can be used to specifically minimize the threat posed by application e-mails with GoldenEye. In addition, an online service can be set up via which all applicants must register and upload documents by default. If an application is then submitted by e-mail, it is so conspicuous that the HR team members will pay more attention to the content.
Nevertheless, the following applies: if you have any doubts, do not open an attachment or link from an unknown sender, but ask the IT department instead. There's no such thing as a stupid question: if ten false alarms help prevent an attack, it saves the IT department a lot of time and trouble.
An independent, individual analysis is helpful to find out where phishing security trainings or further security measures in your company are appropriate. Internal employees often already have their own view of things – with the help of an independent service provider such as IT-Seal, the most efficient security measures can be identified.