Defending the organisation against spear-phishing


One of the main worries for companies last year was the rise in the use of socially engineered phishing, which caused many organisations to lose thousands of rands, and immeasurable customer confidence. These scams are set to continue in 2016, says Sarel Lamprecht, MD of cyber fraud insurance specialist Phishield.
He says that spear-phishing is one of the primary tools employed by cyber crooks to compromise endpoints and gain a foothold in the enterprise network. The hacker uses a targeted, specifically crafted email that lures users to perform an action that leads to them being infected with malware, having their login credentials stolen, or both.
However, he says, there are fortunately tools available to combat these dangers. “Probably the most significant step towards defending against these types of attacks is the use of context analysis and behavioural learning to quickly pinpoint any mails that show anomalous behaviours, or deviate from the usual email paths.”
Normal email traffic within the enterprise follows certain patterns, such as common sources, or the typical domains used by third-party partners, fellow employees and clients. There are also typical paths for message delivery through the Web, from specific sources, and the usual entry points into the company network. “There is expected metadata in mail headers, text and images in the body of the mail, and types of attachments.”
A clear picture of normal email sources and paths for the business, or its subsets, can be drawn by scrutinising email traffic over the course of time. In addition, advanced behavioural techniques can create baselines of these variables.
Once the initial learning period is over, the solution can use the maps and the baselines to highlight any emails that deviate from the norm, and should be able to identify them even if their differences are highly subtle. Next, he says, email threat intelligence can be used to identify attack infrastructure and ensure the users who are most at risk are made aware of the dangers.
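The baseline-and-deviation approach described above, sketched as an added example that is not from the article or from any product it mentions: it learns each sender domain's usual relay path and attachment types, then flags messages that depart from them. The class and function names, the 0.85 lookalike threshold and the sample messages are all assumptions made for illustration.

```python
import email
import re
from collections import defaultdict
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr

def features(raw):
    """Sender domain, origin-first relay path and attachment types of a raw message."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each hop prepends its Received header, so reverse to get origin-first order.
    found = (re.search(r"\bby\s+([\w.-]+)", h) for h in reversed(msg.get_all("Received", [])))
    path = tuple(m.group(1).lower() for m in found if m)
    types = {p.get_content_type() for p in msg.walk() if p.get_filename()}
    return domain, path, types

class Baseline:
    def __init__(self):
        self.paths = defaultdict(set)  # sender domain -> relay paths seen
        self.types = defaultdict(set)  # sender domain -> attachment types seen

    def learn(self, raw):
        domain, path, types = features(raw)
        self.paths[domain].add(path)
        self.types[domain] |= types

    def check(self, raw):
        """Return the deviations of one message from the learned baseline."""
        domain, path, types = features(raw)
        if domain not in self.paths:
            # Assumed threshold: 0.85 similarity to a known domain counts as a lookalike.
            near = [d for d in self.paths if SequenceMatcher(None, d, domain).ratio() >= 0.85]
            return [f"lookalike-of:{near[0]}"] if near else ["new-sender-domain"]
        flags = [] if path in self.paths[domain] else ["new-delivery-path"]
        return flags + [f"new-attachment-type:{t}" for t in sorted(types - self.types[domain])]

def sample(sender, hops, attachment=None):
    """Build a constructed message (not real mail); hops are relay hostnames, origin first."""
    m = EmailMessage()
    m["From"] = sender
    for host in reversed(hops):
        m["Received"] = f"from sender by {host}; Fri, 1 Jan 2016 08:00:00 +0000"
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"x", maintype="application", subtype=attachment,
                         filename=f"file.{attachment}")
    return m.as_string()
```

A production baseline would also age out old observations and weigh how often each path was seen, which this sketch leaves out.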
“Threat intelligence about spam and phishing, for example any domains or IP addresses that have been linked to attacks, assists in the detection and prevention of spear phishing attacks. Threat intelligence can also put hackers off, as it compels them to register fresh domains and set up new web servers for every new attack. This will not deter the most determined of attackers, but like most criminals, they will go for the low-hanging fruit, and will move on to an easier target,” Lamprecht says.
This type of threat intelligence can also help raise user awareness and boost training, by helping the technical departments focus their education and support efforts on staff who are most likely to be targeted, because of their job description or because they have been targeted previously. Next, he says, tools that implement instant reporting on spear phishing, to pinpoint, display and monitor suspicious emails and high-risk targets, can be highly effective.
“New ways of looking at information in real time can better the ability of the security team, as well as staff, to identify and act upon spear phishing attacks as they see them occur, and stop them before they achieve their malicious ends. Reporting tools offer true visibility into emails that harbour any malicious software, as well as those that could be part of a spear-phishing campaign.”
According to Lamprecht, there are also a few common-sense measures businesses can adopt to avoid phishing and spear-phishing campaigns. “Invest in technology and secure the perimeter. Work with ISPs to monitor whether visitors to your sites are being redirected to spoofed sites. Be consistent with your employees, don’t advise users to avoid links in e-mails and then send them e-mails with links to information yourself. Make it simple, and explain security in a way the average employee can understand. And, of course, make sure you’re protected by having a cyber insurance policy in place.”