PSA: Hackers increasingly targeting staff working from home with phishing attacks

The “Q4 2020 top-clicked phishing report” from security awareness training company KnowBe4 found that work-related email subjects are becoming popular with hackers as Covid-19 has changed our work habits.
Stu Sjouwerman, CEO, KnowBe4 said:
It’s no surprise that phishing attacks related to working from home are increasing given that many countries around the world have seen their employees working from home offices for nearly a year now.
Just because employees may be more used to their home office environment doesn’t mean that they can let their guard down.
The bad guys deploy manipulative attacks intended to strike certain emotions to cause end-users to skip critical thinking and go straight for that detrimental click.
From their analysis of thousands of emails during Q4 of 2020, KnowBe4 found that the top 10 subject lines of actual emails users received and reported to their IT departments as suspicious included:
*Capitalisation and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
According to the company, hackers are playing into employees' desires to remain security-minded.
There are still some subjects around Covid-19, but as users get savvier to those types of ploys, hackers are using security-related notifications and human resource matters that could potentially affect their daily work to pique their curiosity.
For interested readers, KnowBe4 has included an infographic that can be found here.
To keep staff and businesses safe, KnowBe4 recommends the following steps to prevent attacks:
Decision-makers must understand that they face threats not only from phishing attacks, but also a growing variety of threats across all of their communication and collaboration systems, the personal devices that their users employ, and even users themselves.
Many organisations have not yet developed and published detailed and thorough policies for the various types of email, Web, collaboration, social media and other tools that their IT departments have deployed or that they allow to be used as part of “shadow IT”.
An early step for any organisation should be the development of detailed and thorough policies that are focused on all of the tools that are or probably will be used in the foreseeable future.
These policies should focus on legal, regulatory and other obligations to encrypt emails and other content if they contain sensitive or confidential data; monitor all communication for malware that is sent to blogs, social media, and other venues; and control the use of personal devices that access corporate systems.
Application, OS and system vulnerabilities can allow cybercriminals to successfully infiltrate corporate defences. Every application and system should be inspected for vulnerabilities and brought up-to-date using the latest patches from vendors.
A useful method for recovering from a ransomware attack, as well as from other types of malware infections, is to restore from a known, good backup taken as close as possible to the point before the infection occurred.
Every organisation should implement solutions that are appropriate to its security infrastructure requirements, but with specific emphasis on the ability to detect, isolate and remediate phishing threats.
While the overall spam problem has been on the decline for the past several years, spam is still an effective method to distribute malware, including ransomware.
Next, implement a variety of best practices to address whatever security gaps may exist in the organisation. For example:
Use historical and real-time threat intelligence to minimise the potential for infection. Real-time threat intelligence can provide a strong defence to protect against access to domains that have a poor reputation and, therefore, are likely to be used by cybercriminals for spearphishing, ransomware and other forms of attack.
This article was first published in Hardware Zone.