Cyber attacks demonstrate vulnerabilities and present threats that have the potential to cause significant damage.
The world, for example, experienced the impact of the WannaCry Ransomware malware attack on Friday 12 May which saw over 300 000 computers in 150 countries affected.
The WannaCry ransomware computer worm targets computers, encrypting data and then displays a "ransom note" demanding payments of around $300 in bitcoin within three days, or $600 within seven days from the user. Even though there is no guarantee of the release of the unique encryption code, failing to make the payment results in the data being permanently irretrievable. It is considered a network worm because it also includes a "transport" mechanism to automatically spread itself. This transport code scans for vulnerable systems, then gains access, installs and copies itself.
When businesses understand how these events occur it becomes a little bit easier to implement preventative strategies.
Trends show use of less automated vectors
Today, trends show that attackers use less automated attack vectors. The focus has shifted to social engineering at scale.
By definition, social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
Social engineering campaigns have evolved significantly. They are very sophisticated with attractive credible lures with Business Email Compromise (BEC) being the mode of distribution.
At the end of 2015, BEC comprised less than 1% of the attack tactics/vectors, but by the end of 2016 BEC made up 42% of the tactics. BEC accounts for billions of losses to businesses across the world as per various quarterly reports.
Projections for BEC into the latter half of 2017, in terms of their targeted victims, is to move downstream - meaning not focused at large corporates only but to include Small, Medium and Micro Enterprise (SMME) business.
The human factor
Social engineering is the predator and the human factor is prey.
The intent of cybercriminals using ransomware determines the methods used for distribution of the malware payload.
As long as the goal is revenue generation, the e-mail route or channel will remain the distributor of choice when compared to using ransomware as a tool for disruption and destruction.
The click of a mouse by the end-user fires-off the initial attack activation when accessing compromised mail that contains the malware payload. Even though end-points can be patched “patching” to eliminate the vulnerability which the malware exploit, the human factor remains the challenge.
Angler phishing is the latest ploy being used by scammers on social networks like Twitter and Facebook.
Angler phishing is a trend that spiked with 150% in the last 18 months with cyber criminals using social media as an attack vector. Angler phishing makes use of fraudulent social media accounts impersonating corporate client services directing unsuspecting clients via links to very realistic landing pages. This trend started with targeting the financial sector but has moved into the retail space over time as cyber criminals find this vector more and more successful.
So how does business defend the human factor?
A strategic focus
From a technical control perspective, in addition to already implemented protection layers, protection can be deployed in the flow of e-mails, detecting threats in attachments and URLs via sandbox services, fighting fraud by preventing angler phishing, scanning fraudulent social media accounts and accelerating incident response.
User awareness training is critical. Unfortunately the content age or immediate relevance of content for user awareness programs presented to employees compared to what is happening in the current threat landscape tend to lack behind.
Businesses of all sizes that have put in place a strategic vendor partnership to focus on mitigating cyber security risks, yet keeping a holistic view, have gained successful protection.