Cybercriminals increasingly use phishing, and no industry is spared
Phishing has increased significantly since the start of the pandemic. Even though phishing messages are sometimes short and written in poor English, they can still lead to multi-million-dollar ransomware attacks.
Phishing has been around for a quarter of a century, yet it remains an effective cyberattack technique. Adversaries are quick to identify new opportunities, develop new tactics, and exploit human emotions.
A survey conducted by the cybersecurity company Sophos shows that phishing has increased significantly since the start of the pandemic. All sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and healthcare (73%).
According to the company's researchers, the minor variation between sectors affirms that adversaries are often indiscriminate and will try to reach as many people as possible to increase their likelihood of success. For organizations, phishing is often the first step in a complex, multi-stage attack.
“The temptation for organizations can be to see phishing attacks as a relatively low-level threat, but that underestimates their power. Phishing is often the first step in a complex, multi-stage attack. Attackers frequently use phishing emails to trick users into installing malware or sharing credentials that provide access to the corporate network,” Chester Wisniewski, a principal research scientist at Sophos, said in a press release.
The Sophos Rapid Response team has seen first-hand how a seemingly innocuous email can ultimately lead to a multi-million-dollar ransomware attack. Three months before the attack, an employee received a phishing email. The email appeared to come from a colleague in another office – the attackers had likely accessed the co-worker’s email account to trick fellow employees into trusting the message.
The message was concise and written in poor English. It asked the employee to click on a link to check a document. The link was, in fact, malicious, and when the employee clicked on it, they enabled the attackers to obtain Domain Admin credentials. Even though the victim’s IT team stepped in and shut down the phishing attack, three months after the original phishing email the attackers unleashed REvil ransomware at 4 am local time and demanded a ransom of $2.5 million.
“Cryptojacking, data – and even financial – theft are all potential outcomes after a phishing attack has opened a door for adversaries,” Wisniewski said.
The pandemic presented a lot of opportunities for cybercriminals to take advantage of. Attackers hoped people would lower their guard while working from home. As the need for social isolation grew, threat actors started to impersonate various delivery companies. Attackers also continuously exploited the widespread concern about the pandemic and other disasters. As Hurricane Henri approached the US East Coast, CISA (the Cybersecurity and Infrastructure Security Agency) warned people to remain alert for hurricane-related cyber activity targeting potential disaster victims and charitable donors in the aftermath of the storm.
“Fraudulent emails, often containing malicious links or attachments, are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events,” CISA warned.
The survey revealed a considerable difference in the increase of phishing attacks reported by country. For example, 90% of respondents in Israel reported a rise in phishing, compared to 57% in Italy.
“Skilled adversary groups typically focus their targeted attacks on countries with higher GDP such as Austria, Switzerland, and Sweden to maximize their financial return, likely contributing to the widespread increases in phishing in those countries. At the same time, phishing is also used in mass-market ‘spray and pray’ attacks where adversaries hope that if they try enough people, eventually someone will fall for the scam,” Sophos researchers explained.
Ninety percent of the surveyed organizations have implemented a cyber awareness program to address phishing. However, the government sector lags behind when it comes to running cybersecurity awareness programs.
“This is concerning, as government organizations are frequent targets for high impact cyberattacks: central government is most likely to experience extortion-style ransomware attacks, while local government is most likely to have their data encrypted in a ransomware attack,” the researchers claimed.
According to Wisniewski, it would be ideal to prevent phishing emails from ever reaching their intended target.
“Effective email security solutions can go a long way towards achieving this, but this should be complemented by alert and primed employees who are able to spot and report suspicious messages before they get any further,” he said.
In an effort to help workers stem the growing tide of malicious emails, the UK’s NCSC (National Cyber Security Centre) has introduced a one-click solution for employees to flag suspicious messages and send them directly to the centre’s Suspicious Email Reporting Service (SERS). Clicking the button also reports the email to the company’s IT team.