Top 3 Emerging Cyber Threats


Spear Phishing

What is spear phishing?

As the name suggests, it’s a more targeted and crafted approach to spam. If you think of normal spam as a “To whom it may concern” drop to all mailboxes, then a spear phish has your name and details on it and is delivered just to you.

Why it’s a serious emerging threat?

Although phishing has been around since the dawn of email, and systems have evolved to counter it in many ways, threat actors are still finding ways to circumvent mail filters. The sophistication of some phishing attempts means that if one is not detected by the filters, it can be almost impossible for a user to identify it as phishing.

Spear phishing is designed to be much harder for users and systems to detect than other phishing methods. Attempts range from the easy to detect, for example the spam from the “CEO” wanting the finance officer to go and buy $5000 of Apple gift cards for them, to the incredibly complex, leveraging things like Cyrillic and ASCII symbols. Below is an example: one is a spoofed scam address using Cyrillic to mimic an English character, and the other is real.

At a glance can you tell the difference?

support@αpple.com

support@apple.com

(hover over or click the email addresses and see if you can spot the difference)

Combine this with a faked email trail appearing to come from inside the organisation and knowledge of when certain people are on leave (via OOF notifications), and these emails become well crafted enough to appear completely legitimate. Many also take advantage of certain events like EOFY, when certain departments are under pressure and might not have the time to check items correctly. It’s for this reason that all users should be extra vigilant during these times.

How we fight it?

Most mail filters can scan for symbols and character spoofing like the above. However, many don’t have the feature enabled. This scanning, combined with user education on what to look for, provides some of the best ways to counter this attack type, as it’s built to fool people instead of systems.
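To show the kind of check such a filter performs, here is an added example (not part of the original article and not any vendor's implementation) that flags a sender domain mixing Latin letters with letters from another script (Cyrillic, Greek and so on). The function names and the sample addresses other than the two shown above are constructed for illustration.

```python
import unicodedata

# Constructed sample senders; the first two are the addresses shown above.
SAMPLE_SENDERS = [
    "support@\u03b1pple.com",    # lookalike first letter, as displayed above
    "support@apple.com",         # genuine, all ASCII
    "billing@\u0430pple.com",    # constructed: U+0430 CYRILLIC SMALL LETTER A
    "info@b\u00fccher.example",  # constructed: legitimate accented Latin letter
]

def char_script(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None  # digits and '-' are neutral
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def ascii_form(domain):
    """Return the xn-- (punycode) form that DNS actually resolves."""
    return domain.encode("idna").decode("ascii")

def check_sender(address):
    """Return (verdict, findings); a finding is (label, scripts, odd_chars)."""
    domain = address.rsplit("@", 1)[-1].lower()
    findings = []
    for label in domain.split("."):
        scripts = {s for s in map(char_script, label) if s}
        if len(scripts) > 1:  # one label mixing scripts is the spoofing signal
            odd = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                   for c in label if not c.isascii()]
            findings.append((label, sorted(scripts), odd))
    return ("suspicious" if findings else "ok", findings)

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        verdict, findings = check_sender(sender)
        domain = sender.rsplit("@", 1)[-1]
        print(f"{verdict:10} {sender}  ->  {ascii_form(domain)}")
        for label, scripts, odd in findings:
            print(f"           label {label!r} mixes {scripts}: {odd}")
```

A label written entirely in one non-Latin script is not flagged by this check; displaying the `xn--` form alongside the sender covers that case.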

Ransomware

What is Ransomware?

Firstly, we have ransomware. Ransomware is a program designed to install itself throughout an environment and lock it, after which a ransom demand is issued for the code to unlock the systems. This is also coupled with the theft of data and the threat of releasing this data if the payment demands are not met within a certain timeframe (generally about 5-7 days).

Why it’s a serious emerging threat?

In 2023 the losses to ransomware are on track to top $1 billion US, which is double the losses incurred in 2022. Ransomware groups pay bug bounties to people to help ensure their ransomware cannot be exploited itself, and they also offer full-time employment with benefits such as paid annual leave to attract developers!

Because of this, ransomware is on the rise and emerging as the top cyber threat faced by companies in 2023 and beyond.

How we fight it?

Ransomware needs several things to successfully deploy in an environment, and while these evolve and new attack paths are discovered, certain security measures provide some of the best protections, including:

MDR / XDR: A good threat detection and response product such as Sophos, SentinelOne and CrowdStrike can detect the initial Indicators of Compromise (IOCs) and prevent the ransomware from deploying.

IFS Security: Many of the initial ingress points used to deploy a ransomware payload are Internet Facing Services (IFS). For this reason, any system that can be accessed from outside your network should, where possible, have MFA and more robust security controls.

User Education: Another common ingress is a user downloading a dodgy file or files from the internet. User education on how to stop potentially harmful files and how to spot potential signs of an account compromise can significantly bolster ransomware prevention.

Vishing

What is Vishing?

Last but not least, we have vishing. Vishing is voice phishing: spam and scam phone calls or voicemails.

Why it’s a serious emerging threat?

I’m sure everyone has experienced the rise in random mobile calls over the last 2 years. These can range from the classic “Microsoft Support” to people attempting to claim they are federal agents, from the ATO and other government agencies.

An example of an emerging vishing threat is calls where the caller repeatedly asks if you can hear them. The natural response is to say “yes”, as the line will have no issues. The caller might ask this same question a few more times and then hang up. The reason for this is that the caller records your voice saying “yes”.

If you have ever done a new phone contract or similar over the phone with Telstra, part of the process is for you to agree to the terms of the contract by saying “yes”. So these scammers will take this recording and use it to sign up for services over the phone to get devices (such as new phones) to then on-sell. The main issue with this is that it’s your voice on the recording they have, so it’s very hard to get these services cancelled or to avoid incurring a financial penalty.

How we fight it?

If someone calls and asks if you can hear them, reply with “I can”. This is useless for their needs, and they will likely end the call quickly. If you don’t recognise the number, you can also let it go to voicemail. Most people who are legitimately calling should leave a voicemail, which a scammer won’t.

If they claim to be from a government agency, ask for a case or reference number (they likely won’t have one) and also ask for their full name (which they likely won’t want to give, or this question will throw them). If you are still concerned, google the agency they claimed to be from, call the number listed on the website and enquire whether the call was legitimate.
