93% Of Phishing Attacks Now Have Ransomware Payloads

93% Of Phishing Attacks Now Have Ransomware Payloads

I remember the first time I reported on ransomware in the CyberheistNews Issue of February 11, 2014, where an attorney's office file server was encrypted due to an employee opening an infected phishing attachment. I have to give him credit - the man bravely stepped forward to explain this problem to the world on TV.

Fast forward to June 1, 2016, when CSO published an article about a PhishMe report revealing that a whopping 93 percent of all phishing emails contain ransomware. To make matters worse, endpoint security tools are not catching up with the more than 100 different ransomware strains now in circulation.

CSO's Maria Korolov summarized the report with the following: "That was up from 56 percent in December, and less than 10 percent every other month of last year. And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015."

Soft Targeting

Korolov pointed out a particularly dangerous strain of ransomware. "In addition to the spike in the number of ransomware emails, one variant that's seeing increasing popularity is the ‘soft targeted’ phishing message,” she said. “It's somewhere between a business compromise email or spear phishing attack, which is targeted at one specific executive, and the general-purpose spam email that goes out to everybody. The soft targeted phishing email targets people in a particular job category, but may include some customization, such as the name of the recipient in the salutation.”

"This has been a creeping trend for a while now," said Brendan Griffin, Threat Intelligence Manager at PhishMe. For example, a popular type of phishing email is the resume email, which supposedly has a resume from a job applicant in the attachment.

“Recipients who don't work in human resources or other jobs where they hire people would either ignore it, or forward it on to the appropriate person at the company. Other job functions can be targeted as well. Other common types of soft targeted phishing emails are billing, shipping and invoice-related messages."

Asymmetric Warfare

The term "soft targeting" is adapted from asymmetric warfare where guerrilla forces or terrorists attack civilians -- often in other areas -- as opposed to attacking the military opposing force. The term applies in cyberwarfare as well, and is an apt description of what the bad guys are doing.

It's Here: Mass Customized Spear Phishing

I have been warning that these threats were inevitable, given the emergence of a well-developed internet underground economy and sophisticated criminal actors. I'm surprised the threats haven’t manifested themselves earlier, and this trend is only the beginning of greater cyber threats. Since practically everyone's personal, confidential data has been hacked and a large part of your work history is available through LinkedIn, it's easy to merge-purge databases and send highly targeted spoofed phishing attacks.

Can Your Domain Be Spoofed?

One of the first things hackers try to do is spoof the email address of someone on your own domain. If so, they can launch a "CEO fraud" spear phishing attack on your organization (supposedly from your human resources department, your CEO, or even your company’s mail room) and social engineer your users to click on a link.

That type of attack is very hard to defend against, unless your users are highly trained in security awareness.

Need help in safeguarding your network and your users against cyber threats? Contact us today.

Thanks to Stu Sjouwerman, CEO of KnowBe4, for sharing this article with us.