Social engineering attacks are difficult for IT departments to prevent. Not because they lack the skills to stop an attack, but because the attacks count on human error. These attacks can be a step in the process of malicious cyberattacks such as ransomware. In fact, social engineering has become an avenue for hackers to initiate a cyberattack. What is social engineering, and how does it contribute to malicious attacks such as ransomware?
Social engineering attacks are usually one step in a multi-step cyberattack. Attackers investigate a potential target using a variety of social media sources to learn more about the target. They then look for vulnerabilities in the networks associated with the target. If they find weaknesses, they move forward with the attack. At this point, the attackers attempt to gain the target’s trust so they can gain access to resources and information.
Ransomware is a specific form of malware that takes control of a computer system, preventing users from accessing information unless a ransom is paid. Although ransomware has been around for years, the rate of detections within businesses rose from 2.8 million in 2018 to 9.5 million in 2019. That’s nearly a 340% increase in detections. Although not all detections end in a breach, the number of attempts illustrates how active cybercriminals are.
A ransomware breach is often the result of a social engineering attack. Without knowing it, employees may allow a cybercriminal to gain access to sensitive information or the network itself. Ryuk is a form of ransomware that works in reverse. It tries to encrypt backups and network servers before the endpoints of a network. The primary countermeasure to ransomware is to restore a system from backups. Ryuk eliminates that countermeasure unless backups are maintained offsite and off-network.
Phishing is one of the more common types of social engineering attacks. These are scam emails that frighten the recipient by claiming a breach or problem with security. The emails say to click on a link or open an attachment. The link is to a malicious website, or the attachment contains malware. A phishing email can be the first step in a ransomware attack.
The good news is that only 12% of users will click on a phishing email. The bad news is that 4% will click on the link or open the attachment. That 4% isn’t changing. Some employees are naive or trusting, and some simply do not care. It is the 4% that companies need to worry about.
If phishing emails are sent out in mass, detecting and blocking them is much easier for a mail server. If phishing attacks are more targeted, blocking them is more problematic.
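The contrast above (volume gives a mail server something to block on, a one-off targeted message does not) can be seen in a small triage script. This is an added example, not code from the original article or from any product the article describes; the messages, domain names (corp.example, mail-notice.example, corp-example.net), the internal user directory and the recipient threshold are all constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

INTERNAL_DOMAIN = "corp.example"            # assumed internal mail domain
INTERNAL_USERS = {"dana cole", "pat lee"}   # assumed directory of staff display names

# Constructed sample mail (not real traffic): five copies of one mass phishing
# template to different recipients, one legitimate internal message, and one
# targeted message whose display name imitates a known colleague.
SAMPLE_MESSAGES = [
    {"from_name": "Security Team", "from_addr": "alerts@mail-notice.example",
     "to": f"user{i}@corp.example", "subject": "Account problem detected",
     "body": f"Dear user{i}, your account will be locked. "
             f"Click http://mail-notice.example/v/{i:04d} now."}
    for i in range(1, 6)
] + [
    {"from_name": "Dana Cole", "from_addr": "dana.cole@corp.example",
     "to": "pat@corp.example", "subject": "Q3 numbers",
     "body": "Pat, attached are the Q3 numbers we discussed."},
    {"from_name": "Dana Cole", "from_addr": "dana.cole@corp-example.net",
     "to": "pat@corp.example", "subject": "Urgent wire before noon",
     "body": "Pat, I am in a meeting, please process the attached wire today."},
]


def normalize_body(body: str) -> str:
    """Collapse per-recipient variation so copies of one template compare equal.
    Personalized links and numbers are the usual differences; real campaigns
    vary more, so production filters use fuzzier similarity than this."""
    text = body.lower()
    text = re.sub(r"https?://\S+", "<url>", text)
    text = re.sub(r"\d+", "<n>", text)
    return re.sub(r"\s+", " ", text).strip()


def sender_domain(msg: dict) -> str:
    return msg["from_addr"].rsplit("@", 1)[-1].lower()


def template_key(msg: dict) -> tuple:
    """Identity of a message template: sending domain plus normalized body hash."""
    digest = hashlib.sha256(normalize_body(msg["body"]).encode()).hexdigest()
    return (sender_domain(msg), digest)


def bulk_campaigns(messages, min_recipients=3):
    """Templates reaching at least min_recipients distinct mailboxes. This is the
    mass phishing pattern a mail server can block on volume alone."""
    groups = defaultdict(set)
    for m in messages:
        groups[template_key(m)].add(m["to"].lower())
    return {key: sorted(r) for key, r in groups.items() if len(r) >= min_recipients}


def is_lookalike_sender(msg, internal_users=INTERNAL_USERS, internal_domain=INTERNAL_DOMAIN):
    """A targeted message is unique, so volume says nothing about it. One check
    that still applies: the display name matches a known internal user but the
    address is not on the internal domain."""
    return (msg["from_name"].lower() in internal_users
            and sender_domain(msg) != internal_domain)


def triage(messages, internal_users=INTERNAL_USERS, min_recipients=3):
    """Return (recipient, subject, verdict) per message. Verdicts are
    'bulk-phish', 'lookalike-sender' or 'pass'."""
    bulk_keys = set(bulk_campaigns(messages, min_recipients))
    results = []
    for m in messages:
        if template_key(m) in bulk_keys:
            verdict = "bulk-phish"
        elif is_lookalike_sender(m, internal_users):
            verdict = "lookalike-sender"
        else:
            verdict = "pass"
        results.append((m["to"], m["subject"], verdict))
    return results


if __name__ == "__main__":
    for to, subject, verdict in triage(SAMPLE_MESSAGES):
        print(f"{verdict:17} {to:22} {subject}")
```

The volume rule catches all five copies of the mass template and nothing else; the targeted wire request only surfaces because of the lookalike-sender check, which depends on knowing who your own people are. That is why blocking targeted phishing is harder: it needs identity context the mail server does not get from traffic volume.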
Pretexting is a type of phishing where the perpetrator pretends to be someone who would legitimately have access to sensitive information. After establishing trust, the attacker asks the target to perform a critical task. The attackers may impersonate co-workers, bank officials, or trusted vendors or business partners. The hackers ask questions or provide information that helps to confirm their credentials in an attempt to secure personal information or crucial access.
Information such as social security numbers, bank records, vacation dates, or security processes can be gained through a pretexting attack. Pretexting has led to financial compromises with losses over $100 million.
Spear phishing is a more elaborate form of phishing. It combines pretexting and phishing to target specific people and companies. The hackers use pretexting to build trust with the target. Once trust is established, the hacker may breach the network through employee actions or send malware through an attachment the employee is sure to open. Because employees believe they are communicating with legitimate people, the breach can go undetected.
How to Protect Your Company
The best ways to protect your company are:
- Maintain strong firewall security
- Keep antivirus software current
- Update all software promptly
- Educate employees on security practices
If you find these tasks are taking away from your core business, why not contact us? We can take care of your IT, so you can take care of your business.