Hopeful employees targeted as phishers identify new windows of opportunity


By Ralph Pisani, president, Exabeam

As more adults worldwide are successfully vaccinated, cybercriminals are targeting workers seeking a return to the office. While the vaccine distribution progresses, the onus will fall on HR departments to alert staffers on the transition back into a physical workspace, whether full or part time. Knowing these communications are immediately on the horizon, phishers are off and running, trying to catch isolated and excited individuals off guard.

According to researchers at INKY, in the last few months, there’s been a sharp rise in these work-related phishing lures. The emails pose as company updates and are often socially engineered to look like they have been personally tailored to the recipient. They are fairly convincing emails at first, second and even third glances. The kind that could throw off even your most security-aware employees.

An unsuspecting employee could be enticed to download “company guidance” or click a link to confirm they’ve been vaccinated…which could lead to malicious downloads or credential theft.

It’s important to remember that many of the most devastating cyberattacks in history have started with a link to a phishing URL, and adversaries are looking for the next big thing by targeting the mass transition back to the workplace.

Carefully crafted emails like these containing a malicious link can fool even the most security-aware of employees. As soon as it is clicked, the clock begins ticking as adversaries move laterally throughout the network to extract as much information as possible.

And the clock won’t be ticking long. A short period of time is plenty to get access to sensitive data, exfiltrate it, cover tracks, delete or encrypt valuable data, and potentially increase persistence in the environment for future usage. It is imperative that organizations also have the technology to create a timeline of events to understand the security incident in sequential order.

Preventing phishing attacks, like the latest phony HR scams, should not fall on individual employees alone. According to the FBI, phishing was the most common type of cybercrime last year—nearly doubling in frequency between 2019 and 2020. If organizations are serious about preventing phishing attacks, they must use proactive threat intelligence to identify campaigns targeted at them. They can’t do that without behavioral analytics technology that reliably distinguishes abnormal activity of attackers from normal user behavior.

Understanding the difference between normal and abnormal allows organizations to far more quickly identify and remove intruders from the network before they are able to do collateral damage.

We must also teach users proper credential protection through ongoing security awareness training, including using multi-factor authentication to prevent further damage if the adversary unlocks a username and password. Individuals should be able to quickly and accurately spot phishing emails in their personal and professional email accounts, even the most deceitful ones.


No posts to display