Last May we wrote about the Government's “whole of society” approach to cybersecurity. The volume, complexity and impact of cybersecurity attacks increase daily, making it more and more difficult for defenders to keep up.
We need to ensure that we are constantly aware of the rising threats that face our organisations. Our cyber expert, Greg Nott, has shared how we can do that.
What have we seen?
In 2021 there were 623 million ransomware attacks globally. In the UK it is estimated that, on average, a new ransomware attack happens every 11 seconds (2,866,909 per year). This is anticipated to be every 2 seconds by 2030 (15,768,000 per year).
As defenders, the pressure is on us to win 100% of the time. The attackers only have to win once.
It is important within this global threat landscape that we recognise we must not work in isolation. Our efforts to protect ourselves also help to protect others.
Company A recently received a phishing email sent to several of its users. The email seemingly came from a close partner organisation, from a contact known to many of the recipients.
Rather than the usual badly constructed email, full of grammatical errors coercing the recipient to click on an obviously dodgy link, the email was simply a link to a shared OneNote file. The email appeared to be a genuine template generated by Microsoft SharePoint confirming that ‘XX has shared a file with you’.
Following the link, users were taken to a genuine SharePoint site and directed to a OneNote file that contained another link, this time to a dodgy site designed to harvest users' credentials. These and similar attacks can lead to malware infecting the user’s device simply by opening the link.
Fortunately, several of the recipients at Company A realised the email was a phishing attack and took action to block the dodgy link and delete the email from users’ mailboxes.
So, how does this relate to the ideal of looking after each other?
After investigation, it was confirmed that the partner organisation had indeed recently been compromised. A user account had been accessed by a bad actor and was then used to create a OneNote file containing the dodgy link and share it with dozens of the compromised user's contacts, looking for the next target(s).
The compromised organisation did not use Multi-factor Authentication (MFA) to protect their Microsoft 365 accounts, meaning it would have been all too easy for the bad actor to have taken control of the user account.
In fact, it was also found that the company had been compromised twice before in similar attacks, yet had still not taken simple steps to protect their accounts.
Luckily, Company A has relatively strong controls in place to protect against phishing attacks, in particular a robust email protection service that will block mail from spoofed senders, and web filtering that will prevent connections to suspicious links.
On this occasion, these controls had no cause to block an email that had legitimately originated from a known sender, did not contain any of the usual hallmarks of a phishing email and only contained a link to a genuine Microsoft SharePoint site connected to the sender.
In short, the lack of security at the compromised organisation put their partner, and other recipients, in jeopardy, allowing the attackers to leverage the trust that existed between these organisations.
Protecting ourselves and our organisation
So, what can we do to protect ourselves and our organisations?
Here are some of our top tips to be ahead of phishing and other cyber attacks:
- Educate users: One of the best ways to protect against phishing attacks is to educate users about what they are and how to recognise them. Provide regular training sessions to help users identify suspicious emails, messages or websites.
- Use anti-phishing tools: Anti-phishing tools such as browser extensions, email filters and security software can help protect users against phishing attacks. Make sure that these tools are up-to-date and configured correctly.
- Verify the source: Encourage users to verify the source of emails, messages or websites before taking any action. Check the sender's email address, domain name, and any links included in the message.
- Implement multi-factor authentication (MFA): MFA is a security measure that requires users to provide at least two forms of identification, such as a password and a code sent to their phone, to access their accounts. This can help prevent unauthorised access to user accounts.
- Keep software up to date: Phishing attacks can exploit vulnerabilities in software. Keep all software, including operating systems, web browsers and plugins, up to date with the latest security patches.
- Be cautious with personal information: Encourage users to be cautious about sharing personal information online, especially in response to unsolicited messages or emails.
- Establish reporting procedures: Establish procedures for users to report suspected phishing attacks. This will allow IT teams to quickly respond to any potential threats and take action to mitigate them.
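The "verify the source" and "use anti-phishing tools" tips above can be partly automated as a triage aid. The script below is an added example written for this article; it is not code from the original post or from any product it mentions. It parses a raw email, records the SPF/DKIM verdicts from the Authentication-Results header, and classifies every link by whether its host belongs to the sender's own domain, to a known-good file-sharing service, or to somewhere else entirely. The same check is then applied to the text of the shared document, because in the case described above the notification email was clean and the credential-harvesting link sat inside the OneNote file it pointed at. The trusted-service list, the sample message and the sample OneNote text are all constructed assumptions.

```python
"""Link-triage helper: classify every URL in a message, or in a document the
message links to, by how it relates to the apparent sender.

Added example, not from the original article. The trusted-service suffixes,
SAMPLE_MAIL and SAMPLE_ONENOTE_TEXT are constructed for illustration.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

# Hosts a genuine "shared a file with you" notification is expected to point at
# (assumed list; tune it to the services your organisation actually uses).
TRUSTED_SERVICE_SUFFIXES = ("sharepoint.com", "onedrive.live.com")


def host_relation(host, sender_domain, trusted=TRUSTED_SERVICE_SUFFIXES):
    """Return 'sender', 'trusted-service' or 'external' for a link host."""
    host = host.lower().rstrip(".")

    def under(h, suffix):
        return h == suffix or h.endswith("." + suffix)

    if under(host, sender_domain.lower()):
        return "sender"
    if any(under(host, s) for s in trusted):
        return "trusted-service"
    return "external"


def classify_links(text, sender_domain, trusted=TRUSTED_SERVICE_SUFFIXES):
    """Map every URL found in text to its relation with the sender's domain."""
    result = {}
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        result[url] = host_relation(host, sender_domain, trusted)
    return result


def auth_results(msg):
    """Pull spf/dkim/dmarc verdicts out of the Authentication-Results header."""
    header = msg.get("Authentication-Results", "") or ""
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def triage_message(raw):
    """Parse a raw RFC 5322 message and report sender, auth verdicts and links."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = msg["From"].addresses[0].domain
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    links = classify_links(text, sender_domain)
    return {
        "sender_domain": sender_domain,
        "auth": auth_results(msg),
        "links": links,
        "external_links": [u for u, rel in links.items() if rel == "external"],
    }


def triage_shared_document(doc_text, sender_domain):
    """Apply the same link check to the document the notification points at."""
    links = classify_links(doc_text, sender_domain)
    return [u for u, rel in links.items() if rel == "external"]


# Constructed sample notification: a real account at the partner sent it, so
# SPF and DKIM pass and the only link is to the partner's SharePoint tenant.
SAMPLE_MAIL = """\
From: Alex Partner <alex@partner.example>
To: user@companya.example
Subject: Alex Partner has shared a file with you
Authentication-Results: mx.companya.example; spf=pass smtp.mailfrom=partner.example; dkim=pass header.d=partner.example
Content-Type: text/plain; charset=utf-8

Alex Partner has shared "Q3 invoices.one" with you.
Open: https://partner-example.sharepoint.com/:o:/s/Shared/EXAMPLE-ID
"""

# Constructed stand-in for the text of the shared OneNote page: this is where
# the off-tenant link lives, which is why the email itself looked clean.
SAMPLE_ONENOTE_TEXT = """\
Please review the attached invoices before Friday.
Sign in to view: https://login-partner-example.invalid/sso/microsoft
"""

if __name__ == "__main__":
    report = triage_message(SAMPLE_MAIL)
    print(report)
    print(triage_shared_document(SAMPLE_ONENOTE_TEXT, report["sender_domain"]))
```

On the sample message the report shows passing SPF and DKIM and no external links, which is exactly why sender-reputation and spoof checks have nothing to act on; only when the same classification is run over the shared document does the off-tenant sign-in link surface. The practical lesson is that link checks need to follow the chain to the content behind a genuine sharing link, not stop at the notification.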
By following these steps, your users can help protect themselves and your organisation from phishing attacks. Remember that preventing phishing attacks requires a combination of education, technology, and vigilance.