Human nature is amazing. I can tell you that there are a million stars in the sky and you will believe me. I can tell you that the paint on the wall is wet, and 8 out of 10 people will touch it to make sure. Social engineering and phishing email scams are part of the second part of this. It’s natural to be curious, to want to know what’s inside something. That curiosity has led to the mother load in the malware world.
Welcome to the Pain
The malware jackpot has just been struck. Locky, Samas, and Cryptolocker are spreading like wildfire across the globe. Why? The answer is simple: they are cheap, easy, and effective. In the last few weeks, Ransomware has hit a number of medical organizations including the Hollywood Presbyterian Medical Center, the Chino Valley Medical Center, the Desert Valley Hospital, and Methodist Hospital in Henderson, Kentucky.
But how does such a sophisticated piece of malware get into enterprises such as these? Why is the MedStar network in DC, a collection of 10 hospitals and 250 outpatient facilities in the DMV using pen and paper today? Why is a 5 billion dollar healthcare provider that servers hundreds of thousands of people infected with something so easy to defend against?
These collections of healthcare providers all have two things in common.
- They lack on site security specialists to help protect their environments for external threats.
- They severely lack awareness training against Phishing.
What exactly is phishing? It is quite literally the oldest trick in the book. Started back in 1995 when attackers used to masquerade as AOL Customer Service Reps, they would message users and give false error codes before tricking users into giving up their passwords. The format of these have shifted in the last 21 years to more realistic emails that trick uneducated users into opening a malicious document, clicking a malicious link, or running a malicious macro.
According to Special Agent Chris Stangl, section chief at the FBI’s cyber division, most of these hackers are from Eastern Europe and have increasingly targeted businesses which are often able to pay more than individuals to unlock data. The hackers “scan the Internet for companies that post their contact information,” then send them email phishing attacks. Unsuspecting employees, Stangl said, are asked to click on what seem to be innocuous links or attachments — perhaps something as simple as a .PDF purporting to be a customer complaint — and before they know it, their computers are infected.
The attackers are slowly ramping up their ransomware to larger businesses with more significant ransoms. The payout across the last two years, according to news reports, was in the 45 – 50 million dollar ranges. Most companies that lack the technical human resources to deal with these issues pay up, especially if their industry requires real time reporting or lifesaving operations.
What do we do??!?
But Antifreke, how are we supposed to protect ourselves when these emails look so real? Well, there are a few things you can do.
- The first is to look at the sender. If you don’t recognize them, don’t open the email. Period.
- If there is an XLS or PDF, save it to your desktop, right click and scan it. If it is flagged as malware, guess what. Don’t open it. Period. Delete it.
- If you do open it, and it asks you to run a Macro. Delete it.
- If you are lazy and didn’t do the first three, send it to your IT department, where someone there hopefully has a security hat they can throw on to tell you to Delete it.
Awareness and training are extremely important. So far in 2016, Ransomware has been reported in nearly every sector. Be on the lookout for more and more of these types of attacks. There is minimal sophistication in these emails. If it looks fake, delete it. If you don’t recognize anything in there, delete it. If you have a weird feeling, delete it.
Remember to be smart. There is no patch for human stupidity. Don’t be stupid and you won’t be the person responsible for your enterprise environment coming to a screeching halt.