Phishing Attacks Are Now The Top Vector For Ransomware Delivery
Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to trick them into downloading malicious files.
“Phishing emails are easy to send and lure the unsuspecting victim in with minimal awareness of an attack,” the researchers state.
“The carefully crafted device of a social engineering scheme, the emails are customized to specific targets and appear to be from legitimate, even familiar, senders.
Faced with unmanageable email volumes, even many once-careful users fail to scrutinize incoming mail and note small changes that would otherwise be suspicious red flags. Once the victim opens an email from their ‘bank’ or ‘internet service provider’ and confirms a few account details – or even just clicks into the malicious fake site – the payload detonates and the work of stealing and/or encrypting sensitive data begins. Once this work is completed, users are locked out and a ransom note appears.”
They stated: “In a recent survey, it was revealed that a staggering 78% of organizations experienced one or more ransomware attacks in 2021, 68% of which stated that the attack originated from a direct email payload, second-stage malware delivery, or similar cause. And, IBM’s Cyber Resilient Organization Study noted the top three causes of ransomware that year as social media (19%), malicious websites (22%), and phishing (45%). “
In addition to emails, attackers are increasingly sending phishing messages via social media. Business-oriented platforms like Slack and Teams are particularly effective, since users often access them from their work devices.
“While popularly exploited on email servers, phishing attacks are not confined to inboxes,” Digital Defense says. “ “One of the rising vectors, as noted by [an] IBM study, is social media. Collaboration tools like Teams and Slack are prime grooming places for establishing trust and exploiting ‘coworkers.’
Online spaces like LinkedIn are particularly vulnerable to facilitating attacks; as platforms built for connecting with strangers, they encourage direct messages which often contain links to shared professional interests. Many of those links are credible – some are not. Unfortunately, with ransomware one click is all it takes.”
New-school security awareness training enables your employees to make smarter security decisions, so they can avoid falling for social engineering attacks. Digital Defense has the story: https://www.digitaldefense.com/blog/what-the-relationship-between-ransomware-and-phishing/
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW