There is a new type of phishing attack that literally any one of us could fall for. Spoofing can be extremely hard to detect.
First, it’s important to understand that phishing is substantially more dangerous than data breaches. A recent study by Google points out that victims of a phishing attack are 400 times more likely to have their personal information stolen than someone whose data was exposed in a company data breach.
This new attack, however, hides in plain sight as someone you may already be emailing with. Our rep at KnowBe4 was able to show us, very easily, that they could send us a spoofed email that appeared to come from anyone in our office. It looks real, reads real and simply asks you to “Please see attached and confirm”, with a Word document included.
The culprits can even include a previously-replied-to email thread, further convincing the reader that this is simply the next message in an ongoing conversation!
Image source: KnowBe4
Yikes! How does it work?
The Word document included asks the reader to enable macros. If the person receiving the email genuinely thinks it’s from their superior, there is no reason for them not to follow this direction! Once enabled, the macro launches a PowerShell script that downloads a trojan horse payload called “Ursnif”. This program can steal the victim’s credentials in several different ways, including screenshot capture, man-in-the-browser attacks and keylogging, to name a few. The malware essentially takes advantage of weaknesses in web browsers and other applications to gather your personal data and browsing activity.
What can be done about this?
Education and awareness are, to this day, the best lines of defence against phishing attacks. Attackers prey on the inevitability that someone, somewhere, will click on a link in their email. With an email that genuinely appears to be from someone the victim works with, this is an easy attack to fall for.
Here are some steps you could take now to mitigate the threat:
Disable MS Office macros, network-wide, if possible.
Ensure your firewall or mail-filtering rules flag Word documents as potentially dangerous, or quarantine them.
Have your email server block attachments that contain any VBA macro code.
Configure endpoint security on workstations to catch malicious attachments.
Educate your staff. Awareness training is essential, and it can never end.
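To show what the attachment-blocking step above looks like in practice, here is an added example (not from this post, KnowBe4 or any product) of a mail-gateway check in Python that inspects an OOXML Word attachment for an embedded VBA project, and builds constructed sample files in memory so it can be run offline. The function and sample names are my own; the part name vbaProject.bin and the vbaProject content type are the ones Office uses.

```python
import io
import zipfile

# Content type Office assigns to the embedded VBA project part (compared lower-cased).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaproject"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy binary .doc/.xls files


def has_vba_macros(data: bytes) -> bool:
    """True if an OOXML document (docm/docx/xlsm/pptm) carries a VBA project.

    Both part names and declared content types are checked, so a renamed
    vbaProject.bin part is still caught. Input that is not a zip returns False.
    """
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return True
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if VBA_CONTENT_TYPE in ctypes.lower():
                return True
    return False


def attachment_verdict(data: bytes) -> str:
    """Gateway decision for one attachment: 'block', 'inspect' or 'allow'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office file: its VBA streams need an OLE parser (e.g. olevba)
        return "inspect"
    return "block" if has_vba_macros(data) else "allow"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal Word OOXML container in memory (sample data, not a real document)."""
    doc_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
              else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    parts = ['<Override PartName="/word/document.xml" ContentType="%s"/>' % doc_ct]
    if with_macro:
        parts.append('<Override PartName="/word/vbaProject.bin" '
                     'ContentType="application/vnd.ms-office.vbaProject"/>')
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types>%s</Types>" % "".join(parts))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes, not real VBA
    return out.getvalue()
```

Legacy .doc files are binary OLE2 containers rather than zips, so the check routes them to a separate inspection step instead of passing them through.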
Do you know how safe your network is?
We are able to simulate an attack, at the request of a client, to see how many users fall for these emails. We have done so this very year, even on ourselves! The results have been eye-opening. Even 1% of your staff clicking on a phishing email could thrust your business data into risk areas you may not recover from. As a business owner, it is imperative you take these threats as seriously as you would an impending natural disaster, or a classic black & white striped burglar literally walking into your server room and taking all your information out the window.
If you have concerns about the ongoing attacks, that will only increase through 2018, 2019, and beyond, please reach out to us for a no-obligation conversation. We’re here to help!