Preventing ransomware delivered via email sounds relatively straightforward: block the loader, and you block the ransomware. In practice this means reliable detection of first-stage malware such as The Trick, Dridex or Buer Loader, families that started life as banking trojans and downloaders. But how straightforward is that?
According to data from Proofpoint, a BSI technology partner, banking trojans, which are often used as ransomware loaders, represented almost 20% of the malware observed in identified campaigns in the first half of 2021 and are the most common malware type Proofpoint sees in the landscape.
Organizations are more exposed than ever. Lengthy processes, legacy issues and systems in need of constant updating leave multiple threat vectors that attackers can leverage.
In a recent webinar, BSI discussed how organizations across the world need not only to protect themselves against threats, but also to understand where the threat comes from and how to adopt a preventative approach.
Traditional mail gateways, web filters and antivirus software should be kept updated and running on all networks. But on their own they cannot counter the ransomware threat. An effective email security solution must go deeper: because email is the initial infection point for most ransomware, you need controls built specifically to protect this critical vector.
How to adopt a ‘prevention first’ process against ransomware attacks?
By analysing embedded URLs and attachments before delivery, for example, so that no malicious content reaches the user, and by detecting and blocking credential phishing.
Attackers adapt faster than signature databases, and typical email security configurations rely far too heavily on outdated signatures.
Cloud-based email accounts are another prime vector for spreading malware. Cyber criminals can take control of users’ cloud accounts to target other users within organizations, an attack known as email account compromise (EAC).
Email accounts can be compromised in several ways. Automated brute-force attacks are among the most common: attackers try countless username/password combinations until one works. Passwords stolen by credential-stealing malware, or leaked from breaches of other services, are another route, and both work as well as they do because users so often reuse passwords across accounts.
Securing users’ cloud accounts is a critical part of protecting against ransomware, and this must include monitoring for suspicious access attempts and unusual behaviour as well as employee security awareness training. One key requirement of a successful email-based attack is people: Proofpoint data shows that more than 99% of threats seen in 2020 required a person to interact with them to activate the threat.
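The monitoring for suspicious access attempts described above, as an added example that is not from the page, BSI or Proofpoint: a small Python detector run over constructed sign-in records. The log format (timestamp, user, source IP, result), the ten-minute window and the thresholds are assumptions chosen for the demo; a real mail platform’s audit log will have its own schema. It flags three patterns: repeated failures against one account from one source (brute force), one source failing against many accounts (password spraying), and a success that follows a run of failures, which is the strongest sign that a guess landed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in records, made up for this example (not real telemetry).
# The line format is an assumption: ISO timestamp, user, source IP, result.
SAMPLE_LOG = """\
2021-06-01T08:00:01Z user=alice@example.com ip=203.0.113.7 result=FAIL
2021-06-01T08:00:04Z user=alice@example.com ip=203.0.113.7 result=FAIL
2021-06-01T08:00:07Z user=alice@example.com ip=203.0.113.7 result=FAIL
2021-06-01T08:00:10Z user=alice@example.com ip=203.0.113.7 result=FAIL
2021-06-01T08:00:13Z user=alice@example.com ip=203.0.113.7 result=FAIL
2021-06-01T08:00:16Z user=alice@example.com ip=203.0.113.7 result=FAIL
2021-06-01T08:00:20Z user=alice@example.com ip=203.0.113.7 result=SUCCESS
2021-06-01T08:05:00Z user=bob@example.com ip=198.51.100.9 result=FAIL
2021-06-01T08:05:30Z user=carol@example.com ip=198.51.100.9 result=FAIL
2021-06-01T08:06:00Z user=dave@example.com ip=198.51.100.9 result=FAIL
2021-06-01T08:06:30Z user=erin@example.com ip=198.51.100.9 result=FAIL
2021-06-01T09:00:00Z user=bob@example.com ip=192.0.2.45 result=FAIL
2021-06-01T09:00:15Z user=bob@example.com ip=192.0.2.45 result=SUCCESS
2021-06-01T09:30:00Z user=alice@example.com ip=192.0.2.44 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse_log(text):
    """Parse log lines into (timestamp, user, ip, result) tuples, oldest first.
    Malformed lines are skipped rather than aborting the run."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["user"], m["ip"], m["result"]))
    events.sort()
    return events


def detect_suspicious_logins(events, window=timedelta(minutes=10),
                             brute_threshold=5, spray_threshold=3):
    """Return findings as sets:
    - brute_force: (ip, user) pairs with >= brute_threshold failures inside `window`
    - spraying: ips that failed against >= spray_threshold distinct users inside `window`
    - success_after_failures: (ip, user) where a SUCCESS followed >= brute_threshold
      failures for the same pair inside `window` (likely account takeover)
    Thresholds and window are illustrative; tune them to the tenant's normal traffic."""
    findings = {"brute_force": set(), "spraying": set(), "success_after_failures": set()}
    fails_by_pair = defaultdict(list)   # (ip, user) -> [failure timestamps]
    fails_by_ip = defaultdict(list)     # ip -> [(failure timestamp, user)]
    for ts, user, ip, result in events:
        cutoff = ts - window
        recent_pair = [t for t in fails_by_pair[(ip, user)] if t >= cutoff]
        if result == "FAIL":
            recent_pair.append(ts)
            fails_by_pair[(ip, user)].append(ts)
            fails_by_ip[ip].append((ts, user))
            if len(recent_pair) >= brute_threshold:
                findings["brute_force"].add((ip, user))
            recent_users = {u for t, u in fails_by_ip[ip] if t >= cutoff}
            if len(recent_users) >= spray_threshold:
                findings["spraying"].add(ip)
        elif len(recent_pair) >= brute_threshold:
            findings["success_after_failures"].add((ip, user))
    return findings


if __name__ == "__main__":
    for kind, hits in detect_suspicious_logins(parse_log(SAMPLE_LOG)).items():
        print(kind, sorted(hits))
```

On the sample data the single mistyped password from bob at 09:00 is not flagged, which is the point of using thresholds and a window rather than alerting on every failure; the spraying rule is the one most basic gateway rules miss, because each account sees only one failure.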
That’s why employee training and awareness is critical. Your people should know what to do, what not to do, how to avoid ransomware, and how to report it. If anyone receives a ransomware demand, they should know to immediately report it to the security team—and never, ever try to pay on their own.
Paying a ransom can carry serious reputational and security ramifications. The decision should be weighed carefully by senior management with the advice of legal counsel.
Ransomware attacks play on users’ lack of awareness. They usually require people to open a malicious attachment, download and open or execute a document or script, or take some other action. Once a user clicks the “Enable Content” button to turn on macros in a malicious document, for example, the macro downloads the loader and the attack begins.
Effective training teaches users about real-world attack techniques and campaigns, and it incorporates the latest threat intelligence so that users know the threats they are most likely to face. Phishing simulations can identify users who are especially prone to falling for ransomware lures and other attack tactics.
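The pre-delivery analysis of attachments and embedded URLs mentioned earlier, and the macro-enabled document lure just described, as an added example that is not from the page, BSI or Proofpoint: a Python triage routine a gateway could run on each message before it reaches the inbox. The attachment checks rely on two facts about Office formats, that modern OOXML files are ZIP containers whose VBA macros live in a part named vbaProject.bin and that legacy OLE2 files start with a fixed eight-byte signature; the blocked-extension list, the sample message body and the in-memory “document” builder are assumptions constructed for the demo, not real files.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Illustrative list of extensions that are scripts or executables; a real gateway
# policy would be longer and tenant-specific.
BLOCKED_EXTENSIONS = {".exe", ".js", ".jse", ".vbs", ".hta", ".lnk", ".scr", ".iso", ".img"}
# OOXML (docx/docm/xlsm/...) is a ZIP; macros are stored in a vbaProject.bin part.
VBA_PART_RE = re.compile(r"(^|/)vbaProject\.bin$", re.IGNORECASE)
# OLE2 compound file signature used by legacy .doc/.xls, which can always carry macros.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def has_vba_project(data):
    """True if `data` is a ZIP container holding a vbaProject.bin part."""
    blob = io.BytesIO(data)
    if not zipfile.is_zipfile(blob):
        return False
    blob.seek(0)
    with zipfile.ZipFile(blob) as zf:
        return any(VBA_PART_RE.search(name) for name in zf.namelist())


def build_ooxml(with_macros):
    """Construct a minimal OOXML-shaped ZIP for the demo (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def triage_attachment(filename, data):
    """Return the reasons to quarantine an attachment; an empty list means no finding."""
    reasons = []
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {ext}")
    if has_vba_project(data):
        reasons.append("OOXML attachment contains a VBA project (macros)")
    if data.startswith(OLE2_MAGIC):
        reasons.append("legacy OLE2 Office document; may contain macros")
    # invoice.pdf.exe style names disguise the real type behind a harmless-looking one
    if len(parts) > 2 and "." + parts[-2] in {".pdf", ".doc", ".docx", ".xlsx", ".txt"}:
        reasons.append("double extension disguises file type")
    return reasons


def suspicious_urls(body):
    """Return (url, reason) pairs for links with classic phishing tricks in the host."""
    findings = []
    for url in URL_RE.findall(body):
        p = urlparse(url)
        host = p.hostname or ""
        if p.username is not None:
            findings.append((url, "userinfo before '@' hides the real destination"))
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append((url, "raw IP address as host"))
        elif "xn--" in host:
            findings.append((url, "punycode host (possible homograph)"))
    return findings


# Constructed message body for the demo; the hosts are documentation/example addresses.
SAMPLE_BODY = """Please review the attached invoice at https://docs.example.com/invoice/123
or sign in at http://mail.example.com@203.0.113.5/owa to view it.
Alternative: http://198.51.100.20/open?id=42
"""

if __name__ == "__main__":
    print(triage_attachment("report.docx", build_ooxml(False)))
    print(triage_attachment("invoice.docm", build_ooxml(True)))
    print(triage_attachment("invoice.pdf.exe", b"MZ" + b"\x00" * 62))
    print(suspicious_urls(SAMPLE_BODY))
```

The macro check is deliberately content-based rather than extension-based: renaming a file does not remove the vbaProject.bin part, so a quarantine rule keyed on the container’s contents survives the obvious evasion, and a finding here is the natural trigger for detonating the attachment in a sandbox rather than delivering it.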
As long as cyber criminals can find a way to make money from it, ransomware will continue to be one of the top threats facing organizations.
To counter this, cybersecurity needs to be people-centric. It makes users more resilient through awareness training based on real-world attack techniques. It identifies and stops ransomware targeting your people. And it contains threats and helps organizations respond quickly and effectively when something goes wrong.
More information on the techniques and lures, together with a step-by-step guide to mitigating ransomware risk, is available in the 2021 Ransomware Survival Guide.