PSA: Hackers increasingly targeting staff working from home with phishing attacks

PHOTO: Unsplash

PSA: Hackers increasingly targeting staff working from home with phishing attacks

According to its “ Q4 2020 top-clicked phishing report ” carried out by security awareness training company KnowBe4 , found that work-related email subjects are becoming popular with hackers as covid-19 changed our work habits.

Stu Sjouwerman, CEO, KnowBe4 said:

It’s no surprise that phishing attacks related to working from home are increasing given that many countries around the world have seen their employees working from home offices for nearly a year now.

Just because employees may be more used to their home office environment doesn’t mean that they can let their guard down.

The bad guys deploy manipulative attacks intended to strike certain emotions to cause end-users to skip critical thinking and go straight for that detrimental click.

Q4 findings and results

Be careful of that email. 
PHOTO: Pexels

From their analysis of thousands of emails during Q4 of 2020, KnowBe4 found that the top 10 subject lines of actual emails users received and reported to their IT departments as suspicious included:

  • Password check required immediately
  • Touch base on meeting next week
  • Vacation policy update
  • Covid-19 remote work policy update
  • Important: Dress code changes
  • Scheduled server maintenance -- No Internet access
  • De-activation of [[email]] in process
  • Please review the leave law requirements
  • You have been added to a team in Microsoft Teams
  • Company policy notification: Covid-19 - Test & trace guidelines

*Capitalisation and spelling are as they were in the phishing test subject line.

**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

According to the company, hackers are playing into employees' desires to remain security-minded.

There are still some subjects around Covid-19, but as users get savvier to those types of ploys, hackers are using security-related notifications and human resource matters that could potentially affect their daily work to pique their curiosity.

For interested readers, KnowBe4 has included an infographic that can be found here .

Keeping the bad guys at bay

All businesses should take steps to protect themselves.
PHOTO: Pexels

To keep staff and businesses safe, KnowBe4 recommends the following steps to prevent attacks:

1. Understand the risks you face

Decision-makers must understand that they face threats not only from phishing attacks, but also a growing variety of threats across all of their communication and collaboration systems, the personal devices that their users employ, and even users themselves.

2. Develop adequate policies

Many organisations have not yet developed and published detailed and thorough policies for the various types of email, Web, collaboration, social media and other tools that their IT departments have deployed or that they allow to be used as part of “shadow IT”.

An early step for any organisation should be the development of detailed and thorough policies that are focused on all of the tools that are or probably will be used in the foreseeable future.

These policies should focus on legal, regulatory and other obligations to encrypt emails and other content if they contain sensitive or confidential data; monitor all communication for malware that is sent to blogs, social media, and other venues; and control the use of personal devices that access corporate systems.

3. Keep systems up-to-date

Application, OS and system vulnerabilities can allow cybercriminals to successfully infiltrate corporate defences. Every application and system should be inspected for vulnerabilities and brought up-to-date using the latest patches from vendors.

4. Ensure you have good and recent backups

A useful method for recovering from a ransomware attack, as well as from other types of malware infections, is to restore from a known, good backup taken as close as possible to the point before the infection occurred.

5. Deploy anti-phishing solutions

Every organisation should implement solutions that are appropriate to its security infrastructure requirements, but with specific emphasis on the ability to detect, isolate and remediate phishing threats.

While the overall spam problem has been on the decline for the past several years, spam is still an effective method to distribute malware, including ransomware.

6. Implement best practices for user behaviour

Next, implement a variety of best practices to address whatever security gaps may exist in the organisation. For example:

  • Employees should employ passwords that correspond to the sensitivity and risk associated with the corporate data assets they are accessing. These passwords should be changed on an enforced schedule under the direction of IT.
  • Implement a program of robust security awareness training that will help users to make better judgments about the content they receive through email, what they view or click on in social media, how they access the Web, and so forth.
  • Establish communication “backchannels” for key staff members that might be called upon to deal with corporate finances or sensitive information.
  • Regularly send simulated phishing emails to employees to reinforce their security awareness training and to make sure they stay on their toes with security top of mind.
  • Employees should be reminded continually about the dangers of oversharing content on social media
  • Ensure that every employee maintains robust anti-malware defences on their personally managed platforms if there is any chance that these employee-owned devices will access corporate resources.
  • Employees should be reminded and required to keep software and operating systems up-to-date to minimise the potential for a known exploit to infect a system with malware.

7. Use robust threat intelligence

Use historical and real-time threat intelligence to minimise the potential for infection. Real-time threat intelligence can provide a strong defence to protect against access to domains that have a poor reputation and, therefore, are likely to be used by cybercriminals for spearphishing, ransomware and other forms of attack.

This article was first published in Hardware Zone.