By Paul Colwell, CTO, CyberGuard Technologies
Cybercriminals are using email trickery and falsehoods to gain access to business networks and steal or compromise corporate data
Many corporate breaches start with a social engineering attack, but what exactly is a social engineering attack? Most enterprises will already know about phishing, either because a cybercriminal has used phishing tactics to try to gain access to their business networks and steal or compromise corporate data, or simply because they know it as a growing risk for today’s enterprises.
Phishing uses malicious emails designed to appear as if they have been sent from a legitimate source, with the sole aim of stealing sensitive information such as login credentials or bank details.
Those same trickery techniques and falsehoods can also be used to deliver malware through sophisticated social engineering. Fooling a victim into thinking an email is genuine and that any attachment is benign is the key here, but if the phishing email never makes it into the victim’s inbox, or the user doesn’t give up sensitive data or click on a link that detonates a cybersecurity threat payload, then the attack attempt fails.
Stopping the attack at that stage limits the impact on the business, so social engineering awareness is key: it helps your teams recognize phishing and malware emails by sight, and it is complemented by smart technology such as threat intelligence.
Threat intelligence keeps enterprises informed about major, current threats. Combined with additional solutions that act on that intelligence, such as SIEM (Security Information & Event Management), it also gives them the knowledge and ability to stop attacks before they succeed.
Tips for detecting phishing emails
Cybercriminals are continuously evolving their tools, tactics, and techniques to evade spam detection systems, so staying one step ahead of them is vital at all times.
There are many ways for enterprises to protect themselves against social engineering threats, but first and foremost, they need to be able to spot a social engineering email. So, here are the top things to look out for/be aware of:
- Is the email making you panic or tempting you with an incredible limited-time offer? That is the sign to take a deep breath and check especially closely for the other signs of a phish.
- Authentic services will contact you using the name you gave when signing up – so check that this email uses your full, accurate name, spelled correctly. A generic greeting like “dear valued customer” is often a sign of a fake email.
- Most brands will not ask for login credentials, financial information, or personal data via email. So never share those details without checking first with customer support to make sure they really requested that information from you.
- Phishers use lookalike addresses or imitate people in your contact list. Be on guard if you know joe.bloggs(@)com but the email has come from joe.bloggs(@)gmail.com.
- Check where links are taking you before you click on them: hovering over a link will show you its destination.
- Does the message include an attachment that wasn’t expected? If so, contact the sender directly for confirmation of its authenticity.
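The checklist above can be turned into a first-pass triage script that flags which signs a message trips. The Python below is an added example, not code from the article or from CyberGuard; the keyword lists, the KNOWN_CONTACTS address book and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = ("urgent", "immediately", "suspended", "limited time", "act now", "24 hours")
GENERIC = ("dear valued customer", "dear customer", "dear user")
CRED_ASK = ("password", "bank details", "card number", "confirm your account")
ANCHOR = re.compile(r"<a\s+href=['\"]([^'\"]+)['\"]>([^<]+)</a>", re.I)
# Constructed address book: local part -> the domain that colleague really uses.
KNOWN_CONTACTS = {"joe.bloggs": "example.com"}

# Two constructed messages (not taken from the article or from any real mailbox).
SAMPLES = {
    "lookalike": (
        "From: Joe Bloggs <joe.bloggs@gmail.com>\nTo: jane.doe@example.com\n"
        "Subject: URGENT: account suspended - act immediately\n\n"
        "Dear valued customer,\nYour account closes in 24 hours. Confirm your password here:\n"
        "<a href='http://login.example-secure.net/verify'>https://portal.example.com/login</a>\n"
    ),
    "legit": (
        "From: Jane Doe <jane.doe@example.com>\nTo: bob.smith@example.com\n"
        "Subject: Minutes from Monday\n\n"
        "Hi Bob,\nAttached are the minutes as promised.\n"
    ),
}

def phishing_indicators(raw, known_contacts=KNOWN_CONTACTS):
    """Return the checklist items a message trips, in checklist order; [] means clean."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg["Subject"] or "").lower() + "\n" + body.lower()
    hits = []
    if any(w in text for w in URGENCY):            # panic or too-good-to-be-true pressure
        hits.append("urgency")
    if any(body.lower().lstrip().startswith(g) for g in GENERIC):  # no personal salutation
        hits.append("generic_greeting")
    if any(w in text for w in CRED_ASK):           # asks for credentials or financial data
        hits.append("credential_request")
    _, addr = parseaddr(msg["From"] or "")
    local, _, domain = addr.lower().rpartition("@")
    if local in known_contacts and domain != known_contacts[local]:  # known name, wrong domain
        hits.append("lookalike_sender")
    for href, shown in ANCHOR.findall(body):       # displayed URL differs from the real target
        shown = shown.strip()
        if shown.startswith("http") and urlparse(href).hostname != urlparse(shown).hostname:
            hits.append("link_mismatch")
            break
    return hits
```

Running it over SAMPLES["lookalike"] reports all five indicators, while SAMPLES["legit"] reports none; a real deployment would feed these flags into the mail gateway or SIEM rather than block on them alone.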
Cybercriminals are always ready to manipulate current events to make social engineering more effective. The COVID-19 crisis was a dramatic example as the pandemic provided them with new ways to prey on users’ emotions – especially urgency and fear. And it wasn’t just businesses that were falling foul of cyber criminals over this year – government initiatives also provided lucrative targets for fraudsters.
Malware attacks usually involve a camouflaged or weaponized attachment, which increasingly uses a form of file-less malware contained in a macro or script. When the unsuspecting victim opens the seemingly harmless attachment, they have inadvertently given consent for the macro to begin running.
The malicious script executes on the endpoint, leveraging existing applications (such as PowerShell) to download and execute malware in the system’s memory without dropping any file onto disk. This is very difficult for traditional anti-malware solutions to detect because the document itself is not initially malicious; it only becomes a danger once the hidden macro code within it is executed.
Prevention is always better than cure for any enterprise threat, but this is especially true of phishing and malware threats delivered via social engineering emails. Your business should conduct regular user awareness training sessions to help your teams recognize the attack to prevent it from occurring.
Combine that awareness and knowledge with technological solutions, and you’re fortifying your enterprise security even further. Malware that’s been sent via social engineering emails is generally not detectable until after it has been downloaded and/or executed, so adoption of next-gen anti-malware is recommended for every business.
Next-gen anti-malware products use behavior analysis, AI, and machine learning to learn about and detect how file-less malware operates – to stop malicious scripts as they move from an attachment to the computer systems’ memory or, if already transferred, to halt any further stages of the attack.
Next-gen anti-malware solutions can also be used to detect a script’s potentially malicious behavior as it executes and attempts to download additional dangerous payloads into the computer systems’ memory.
To stop the detonation of socially engineered threats, your enterprise needs to understand and act on the alerts raised by defense measures like next-generation anti-malware, and to leverage threat intelligence data. This is best done via a security information and event management system, or SIEM.
However, the difficulty for many companies lies in the cost and skill set required to manage this combination of products and processes successfully. Still, by adopting a managed security service that maintains the SIEM solution itself, enterprises can have detection rules based on the latest emerging threats, so that they can investigate and respond to those threats promptly.
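The macro-to-PowerShell chain described earlier and the SIEM detection rules this section calls for can both be illustrated with a single parent/child process rule: an Office application spawning a script host is the behaviour to alert on, and an encoded or hidden-window command line raises the severity. This Python is an added example, not CyberGuard’s or any SIEM product’s code; the key=value event format, the process lists and the four sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Command-line traits that push an Office -> script-host alert from high to critical.
ESCALATE = ("-enc", "-w hidden", "-windowstyle hidden", "downloadstring", "iex ", "invoke-expression")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed process-creation events (assumed key=value format, not real telemetry).
EVENTS = [
    r'ts=2024-03-04T10:15:02Z host=WS01 parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -nop -w hidden -enc <BASE64_PLACEHOLDER>"',
    r'ts=2024-03-04T10:16:40Z host=WS01 parent="C:\Windows\explorer.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe Get-Service"',
    r'ts=2024-03-04T10:20:11Z host=WS02 parent="C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE" image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c dir"',
    r'ts=2024-03-04T10:21:05Z host=WS02 parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Windows\splwow64.exe" cmdline="splwow64.exe 12288"',
]

def parse_event(line):
    """Split a key=value line into a dict, stripping the quotes around quoted values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def basename(path):
    """Case-insensitive executable name from a Windows path."""
    return PureWindowsPath(path).name.lower()

def evaluate(event):
    """Return an alert dict if an Office app spawned a script host, else None."""
    parent, child = basename(event.get("parent", "")), basename(event.get("image", ""))
    if parent not in OFFICE_APPS or child not in SCRIPT_HOSTS:
        return None                      # explorer -> powershell or Word -> print helper is normal
    cmd = event.get("cmdline", "").lower()
    severity = "critical" if any(t in cmd for t in ESCALATE) else "high"
    return {"ts": event["ts"], "host": event["host"], "parent": parent, "child": child, "severity": severity}

def run_detection(lines):
    """Apply the rule to every event line and keep only the alerts."""
    return [a for a in (evaluate(parse_event(l)) for l in lines) if a]

if __name__ == "__main__":
    for alert in run_detection(EVENTS):
        print(alert)
```

Over the four sample events only the Word and Excel children fire (critical and high respectively); the administrator’s PowerShell session and Word’s print helper produce no alert.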