Ransomware remains a growing IT threat with current estimates of an attack occurring every 11 seconds against a business or government agency. One of the main delivery mechanisms of ransomware is social engineering attacks, a prominent attack vector that targets staff within your organization. In this blog, we discuss the dangers posed by social engineering, as well as how to protect yourself from them.
What is Ransomware?
Ransomware is a specific type of malware infecting your system and encrypting files and data. These encrypted files are rendered useless and only accessed through a decryption key. The key is then ransomed off by the attackers for an exorbitant amount of money. In order to avoid a ransomware attack, you must identify the main attack vectors and defend against them. According to a 2020 Incidence Response and Data Breach Report by Palo Alto, the two most common initial attack vectors for ransomware were Remote Desktop Protocol (RDP) Compromise and Social Engineering. To learn more about RDP Compromise and how to protect your organization from it check out this separate blog on the topic, “Remote Desktop Protocol and The Ransomware Problem.”
Methods of Social Engineering
Social engineering has always been a dangerous threat to IT security since it targets the least secure part of every IT environment: humans. No matter how secure your IT infrastructure is, it will need to interact with people and those interactions are opportunities for security mistakes and social engineering attacks.
The most common form of social engineering is email phishing. Phishing has been around for decades, but with the threat of ransomware, it has become even more pervasive and dangerous. For the uninitiated, phishing is when attackers send fraudulent emails that either contain dangerous links or exploitative requests. These emails are disguised as legitimate emails, often pretending to be from a trusted source.
A specific type of social engineering to be hyper-aware of is pretexting. Pretexting is a method of attack where the perpetrator impersonates someone who would already have the sensitive information they are requesting. Examples would be a coworker asking for an account password, or a bank clerk asking for an account number. The perpetrators will often provide information that attempts to confirm their credentials, making these emails difficult to differentiate from legitimate emails at first glance.
Spear phishing is a more elaborate form of phishing that combines phishing and pretexting. This attack targets a specific individual within a company and involves fraudulent emails designed specifically to trick that individual. Hackers use pretexting to build trust with that individual, and may not include malware or compromising instructions in the initial emails. The goal of spear phishing is to establish trust and then deliver an attack by getting the user to click a malware-infected link, or complete a compromising task.
How to Stop Social Engineering Attacks
The main way to stop social engineering attacks is by updating your IT security plan to include staff training against these types of attacks. Social engineering targets employees, so preparing them for these attacks is mission-critical. The main danger is assuming your staff is invulnerable to social engineering attacks, as tactics continue evolving. Even if training and guidance is provided on this topic, it is important to review your security plan. Furthermore, ensure your strategy is up to date and covers the current landscape of social engineering threats
Also, technical protocols can be put in place to stop social engineering attacks. These protocols work to prevent phishing attempts and other attack vectors from reaching their targets. By implementing email quarantine systems for suspicious emails, a large portion of social engineering attacks renders useless. Additionally, build your email quarantine protocol by utilizing a Real-Time Block List as well as restricting emails that include attachments with risky file types. Other protection methods include preventing the email client from automatically downloading pictures and content. In brief, even if a malicious email is opened the malware package it is delivering will not activate as long as the user does not engage with the email any further.
If you are unable to stop a social engineering attack it is critical you maintain proper anti-virus and ransomware security solutions in place. This includes a robust backup and recovery system, a critical element to ransomware security, and also possesses other helpful uses for your organization. To learn more about ransomware solutions, or the threat of social engineering use the button below to talk to a cyber security expert from Strategic Communications.
Share this Post