The recent Colonial Pipeline ransomware incident may be a wake-up call for how we can protect our critical infrastructures and major businesses from cyber-attacks. “Cybercrime business” is rapidly growing, and perpetrators are making billions of dollars worldwide. With the global internet, hackers can initiate attacks from anywhere to any organization around the world at any time.
In recent years, we have witnessed progress in our fight against these organized hackers.
- At the federal level, the US government has many agencies helping fight cybercrime, such as DHS, FBI-IC3, USSS, FTC, and the recently established CISA. Also, various state and local law enforcement agencies implemented cybercrime investigations and other cybersecurity programs.
- Cybersecurity companies and software vendors made progress in providing security solutions and tools for both businesses and consumers. This is not an easy task since our technology is evolving quickly. Vendors must offer protections for cloud environments, IoT devices, critical infrastructures, offices and remote workers, and mobile devices. Both hackers and security providers use new technologies such as artificial intelligence and big data. It is an “arms race” in technology.
- Universities and colleges are actively working on additional cybersecurity curriculum to address the cybersecurity professional shortage, which NIST’s Cyberseek.org documented.
- Governments, nonprofits, and industries are teaming up to help raise the level of awareness and educate our community about cybersecurity (e.g., Cybercrime Support Network, SCORE, National Initiative for Cybersecurity Education, and free cyber awareness tools from Trend Micro).
With all these efforts, businesses likely have the tools to block spam and phishing emails. However, attackers are constantly looking to evade standard defense techniques. They may use tactics such as sending PDF or shared drive attachments in a phishing email that slip through the corporate defense layer. It is imperative that all users and employees are aware of the risks and are educated about the signs of phishing.
More than 90% of ransomware and targeted business attacks start with a spoofed email (aka phishing). Even if our organizations have the best security tools and IT security teams, any employee may still help hackers open a backdoor and drop a malware loader by clicking on a phishing email. Once criminals gain some control of your device or network, they are much more capable of performing the desired attack.
Some perpetrators may remain in stealth mode and try to steal information from your system, such as customer credit card numbers, or connect your network to their command-and-control server and wait for an opportune time to attack.
In the case of ransomware, once a user clicks on a phishing email and lets the attackers into your network, they will eventually encrypt your data and programs. They may even exfiltrate your critical data before encrypting it as leverage to encourage payment of the ransom. Criminals leverage advanced encryption technology that makes it almost impossible to recover the encrypted and exfiltrated data without a long digital key (hex numbers).
Recently, we also witnessed various social engineering techniques in business email compromise (BEC) or spear-phishing, in which attackers first conduct reconnaissance on their target victim from public sources such as social media. Then they will impersonate one of the victim’s colleagues or friends to significantly increase the chance of a successful attack.
In conclusion, to win the fight for the good, we must help our employer or our own business by knowing the risks and not getting fooled by phishing emails. Please “think and assess” before you click!