Ransomware attacks are increasing in both number and severity. Ransomware 3.0 refers to the rise of a new breed of ransomware and marks the beginning of an era of ransomware attacks conducted at scale. As hackers grow in number and obtain easier access to ‘plug-and-play’ ransomware tools, attacks are increasing rapidly and using more sophisticated strategies. Large ransomware organizations have pooled their resources to form a sort of oligarchy that no longer limits hackers to individual attacks. The global damage from ransomware attacks is estimated to be around $20B today and could grow to $265B by 2031.
Ransomware Expanding to Cloud SaaS
Newer strains of ransomware are now expanding their turf to cloud SaaS services. Ransomware 3.0 attacks are capable of encrypting the critical SaaS data of cloud services and locking users out. Newer ransomware attacks can deactivate on-premises antivirus software and backup agents to delete or infect backups. One of the ways ransomware techniques are evolving is in the sophistication of phishing attacks. In this blog post, we will discuss advanced phishing techniques that can dupe even the most sophisticated end-user. We will also provide recommendations for how you can protect your business from these attacks.
What is phishing?
Cybercriminals commonly use phishing as one of the primary techniques to carry out ransomware attacks. Cybercriminals often masquerade as a trusted entity, such as a bank or government agency, to gain the victim's trust. While end-users are still susceptible to these regular phishing attacks, security training at most organizations has helped end-users become better at recognizing these attacks and being more cautious with their credentials. Consequently, hackers have become even more sophisticated in the level of deception they employ in these attacks.
Advanced phishing techniques:
OAuth phishing: This type of phishing attack targets users of the OAuth protocol, which provides authentication services for most SaaS integrations. OAuth phishing emails contain a fake link that redirects the victim to a malicious website that looks identical to the real OAuth website. The victim is then prompted to enter their login credentials, which are then stolen by the attacker.
Spear phishing: Spear phishing is a type of phishing attack that targets a specific individual or organization. The attacker will often conduct extensive background research on the victim to personalize the phishing email and make it seem more believable. For example, an attacker might include the name, title, or company name of the victim in the email.
Personalized SMS messages (smishing): Smishing is a phishing attack that uses text messages instead of email. The attacker will send a text message to the victim that contains a fake link. When the victim clicks on the link, they are taken to a malicious website that looks identical to the real website. The victim is then prompted to enter their login credentials, which are then stolen by the attacker.
Third-party phishing: Third-party phishing is a type of phishing attack that uses a third-party service, such as an email marketing platform or a social media site, to send phishing emails or messages. The attacker will create an account on the third-party platform and use it to send phishing emails or messages to the victim.
Whaling: Whaling is a type of phishing attack that targets high-profile individuals, such as CEOs or CFOs. The attacker will often research the victim to personalize the phishing email and make it seem more believable. For example, the attacker might include the name or company name of the victim in the email.
SEO phishing: SEO phishing is a type of phishing attack that uses search engine optimization (SEO) to rank high in search results for specific keywords. The attacker will create a phishing website and optimize it for certain keywords. When the victim searches for those keywords, the phishing website will appear high in the search results. The victim is then taken to the phishing website where they could be duped into clicking on malicious links or revealing their login credentials.
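Most of the lures above depend on a link that looks like a trusted site but leads somewhere else, which is a signal a mail filter can test mechanically. The following Python is an added example, not part of the original post or of any product it names: the `TRUSTED` list, the `.example`/`.test` domains and the sample message are constructed, and only single-language UTF-8 HTML bodies are handled.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"acme-bank.example"}  # assumption: domains the organization really uses
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def host_of(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def scan(raw):
    """Return phishing indicators for the HTML parts of one message (UTF-8 assumed)."""
    findings, collector = [], LinkCollector()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        target = host_of(href)
        shown = host_of(text) if URLISH.match(text) else ""
        if shown and shown != target:  # the text claims one site, the href goes to another
            findings.append(f"link text shows {shown} but points to {target}")
        trusted = any(target == d or target.endswith("." + d) for d in TRUSTED)
        if not trusted and any(d.split(".")[0] in target for d in TRUSTED):
            findings.append(f"{target} embeds a trusted name but is not a trusted domain")
    return findings

SAMPLE = """\
From: "Acme Bank" <alerts@acme-bank.example>
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="https://acme-bank.example.signin-check.test/s">https://acme-bank.example/login</a></p>
"""
```

Calling `scan(SAMPLE)` returns two findings for the constructed message; a link whose text is plain wording and whose target is a trusted domain or subdomain returns none.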
Key Tools to Protect your Business from Ransomware 3.0 attacks:
Email scanning: Email scanning is a process that checks email messages for tell-tale symptoms of phishing attacks. Popular email scanning tools include ZeroBounce, MailTracker, etc.
Training: Training must be updated to enable employees to recognize these advanced phishing attacks and prevent them. Employees should be taught about the different types of phishing attacks and how to spot them. You can share with employees this infographic on advanced phishing techniques.
MFA: Multi-factor authentication (MFA) is an important security measure that can be used to protect against phishing attacks. MFA requires the user to provide two or more pieces of identification, such as a password and a fingerprint, to log in.
It should be noted, however, that if a user has been convinced that entering their credentials is okay, then they will also accept any MFA requests. Simple MFA for essential services may not be strong enough, as once an attacker has access to the credentials and authentication into the application, they now have a blank cheque to perform whatever actions they want (including, for example, deleting backups).
Deep MFA: Cybercriminals have raised the stakes by gaining the ability to circumvent immutable backups with stolen admin credentials. Asigra’s innovation in Cloud Backup with Deep MFA enables organizations to effectively counter the threat with one of the most advanced backup platforms on the market. Deep Multi-Factor Authentication enables multiple layers of mission-critical protection to secure policy settings and controls. Attackers with access to the Asigra backup software cannot perform critical functions without additional MFA requests. This effectively prevents backup data corruption, deletion, and/or malicious encryption with the use of malware.
More robust security does not have to translate to inconvenience for end-users. Deep MFA is app-centric and password-less, and administrators can use biometric scans for seamless logins. This also reduces the scope for hackers to obtain login credentials by duping human administrators.
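The distinction drawn above, between MFA checked once at login and MFA requested again for each critical function, can be shown in a few lines. This is an added example and not Asigra's implementation: `BackupConsole`, its action names and the in-memory backup set are hypothetical, `session_ok` stands in for an already validated login session, and an RFC 6238 TOTP code is used as the second factor in place of the biometric, password-less factor the post describes.

```python
import hashlib
import hmac
import struct
import time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StepUpRequired(PermissionError):
    """Raised when a critical action arrives without a fresh second factor."""

class BackupConsole:
    """Hypothetical backup admin API: a login session is enough to read,
    but every destructive action needs its own fresh MFA code."""
    CRITICAL = {"delete_backup", "change_retention"}

    def __init__(self, secret: bytes, clock=time.time):
        self.secret, self.clock = secret, clock
        self.used_steps = set()  # time steps already consumed, so a code cannot be replayed
        self.backups = {"nightly-01", "nightly-02"}

    def fresh_code_ok(self, code) -> bool:
        step = int(self.clock()) // 30
        expected = totp(self.secret, step * 30)
        if step in self.used_steps or not hmac.compare_digest(str(code), expected):
            return False
        self.used_steps.add(step)
        return True

    def perform(self, session_ok: bool, action: str, target: str, code=None) -> str:
        if not session_ok:
            raise PermissionError("not logged in")
        if action in self.CRITICAL and not self.fresh_code_ok(code):
            raise StepUpRequired(f"{action} needs a fresh MFA code")
        if action == "delete_backup":
            self.backups.discard(target)
        return f"{action} {target}: done"

if __name__ == "__main__":  # constructed demo secret; a hijacked session alone is refused
    console = BackupConsole(b"constructed-demo-secret")
    try:
        console.perform(True, "delete_backup", "nightly-01")
    except StepUpRequired as err:
        print("refused:", err)
    print(console.perform(True, "delete_backup", "nightly-01", totp(console.secret, time.time())))
```

Because each accepted code is tied to one time step and marked as used, a code captured for one deletion cannot authorize a second one.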