For the second part of the series, we would like to dive into educating the user as well as social engineering. The user continues to be the weakest link in many organizations; it is not that users have bad intentions, they just frequently represent the easiest target. A house analogy illustrates this: the organization can put locks on the doors and windows and install a state-of-the-art alarm system, but this does not prevent the attacker from simply knocking on the door and being invited in by the homeowner. As a matter of fact, this is what makes phishing campaigns so successful: the user is tricked into unknowingly granting attackers access to corporate resources.
A successful phishing campaign against a targeted user base is not very difficult to undertake, thanks to social media and the abundance of information about the employee base and corporate data on the internet. Here are a few quick facts about the methods employed to target attacks against a user or user community:
- Millions of people log in to their social media profiles every day. In fact, over 1.3 billion users log onto their favorite social networking sites monthly.
- Within users' profiles there is an abundance of information including Name, Date of Birth, Location, Workplace, Interests, Hobbies, Skills, Relationship Status, Telephone Number, Email Address and Favorite Foods, etc. - information that allows an attacker to “know the victim” in order to gain trust. All of this information can and will be used against the target.
- Attackers can and do send crafted spear phishing emails to your inbox. They can also imitate the user, tricking the user’s contacts into divulging information, or use a trusted source to infiltrate an organization’s IT systems.
In February 2016, a Snapchat accountant fell for a phishing scam. In the email, a hacker posing as Snapchat’s CEO Evan Spiegel requested payroll information for existing and ex-employees. The hacker then exposed that information to the outside world. At this point, the damage had been done and the most Snapchat could do was provide their employees with identity-theft monitoring and insurance.
How do organizations prevent this from occurring within their user base? Educate the staff, in particular non-technical staff. Many users within your organization do not understand or think about how adversaries use easily obtained personal information as a weapon to infiltrate an individual’s personal or professional data. In the case of professional data, this is the corporate intellectual property, secrets, or highly sensitive client data. The key to winning this battle is to be ever vigilant in disseminating information to your organization.
Unfortunately, companies are often reactive to security breaches as opposed to taking preventative measures. Clearpath is a huge proponent of PhishMe, a phishing defense platform focused on fortifying employees and enabling incident response teams to quickly analyze and respond to targeted phishing attacks. PhishMe is a 4-part cycle that empowers companies with user education, starting with the PhishMe Simulator and PhishMe Reporter.
PhishMe Simulator generates customized phishing attack scenarios, which make users aware of how easily phishing can happen to anyone. With this new awareness, employees can send suspicious emails, with one click, to the PhishMe Reporter to be analyzed by IT security teams.
PhishMe Triage is the first phishing-specific incident response platform that allows security operations and incident responders to automate the identification, prioritization and response to threats delivered via phishing emails. The platform gives incident responders the visibility and analytics needed for email-based attacks occurring against their organization in near real time. Available as a hardware or virtual appliance, PhishMe Triage seamlessly integrates with your existing SIEM, malware and domain analysis, and threat intelligence solutions. Available as a stand-alone product or integrated with the PhishMe solution suite, PhishMe Intelligence is a high-fidelity, human-verified intelligence service that enables security teams to identify, block and investigate ongoing and evolving threats.
PhishMe is an excellent, low-cost option for companies looking to take the preventative approach. It is an easy product for IT teams, or even one person, to deploy, operate, and maintain.
Be on the lookout over the next few weeks for parts 3, 4, and 5, listed below:
- Malware Blog Series Introduction
- Part 1 of 5 - Detecting and Blocking Malware at the Gateway Before Users are Affected
- Part 3 of 5 - Hunting Hidden Malware in your Datacenter
- Part 4 of 5 - Complete Endpoint Solutions
- Part 5 of 5 - Enabling Secure IT Operations for your Organization