Phishing is a type of social engineering by which an attacker attempts to convince a user to click on a malicious URL or email attachment.
Every year, attackers leverage phishing campaigns to infiltrate organisations' networks. In its 2016 Data Breach Investigations Report, Verizon recorded 9,576 phishing incidents. 916 of those included at least some data disclosure, and in nearly a third (30 percent) of all phishing attacks, the recipient opened the message. On average, those victims took one minute 40 seconds to open the email and three minutes 45 seconds to click on the malicious link or attachment.
Verizon also found that in 91 percent of phishing incidents, the attackers stole the recipient's credentials by using either a fake login page or malicious software downloaded onto the victim's computer.
For instance, in March 2016, a group of attackers sent out phishing messages pretending to originate from FinCERT, a department of the Russian Central Bank which responds to targeted attacks and fraud. Those messages downloaded a remote administration tool (LiteManager 3.4) onto each target's machine. That level of control gave attackers the ability to download keyloggers and other software capable of stealing credentials onto a victim's computer.
Phishing 2.0: The Rise of Ransomware
Not all phishers are interested in leveraging malware to steal credentials. Some forego passwords and instead employ malicious software to extort money from unsuspecting users.
Reflecting this preference, many phishers now incorporate crypto-ransomware into their attack campaigns. Those types of malware encrypt a user's files and demand a ransom payment in exchange for the decryption key. Victims generally can't recover their files without paying the ransom unless they restore their data from backups or exploit a coding error in the malware to decrypt their files for free.
Ransomware hasn't just seen an uptick in phishing attacks. It's growing in appeal over other forms of malware across all attack types. Tripwire's senior security research engineer Travis Smith explains that this increased popularity rests on how ransomware is meant to operate:
"In today’s cybercrime environment, criminals need very small payloads with little to no command and control communication to infect and control their targets. The point of ransomware is to be detected, not prevented. This is why it seems like there is much more ransomware currently than other types of malware. It’s just as easy to infect a computer with ransomware as with any other type of malware."
Smith also notes the return on investment for ransomware is estimated at 1,400 percent, which means phishers can expect to make money off of crypto-malware.
That helps to explain why the security community has seen a surge of attack campaigns that blend phishing and ransomware together. Here are just a few recent examples:
Those attack campaigns help illustrate the extent to which the phishing attack environment has already changed and how it continues to evolve.
Indeed, according to a report published by anti-phishing company PhishMe, 93 percent of all phishing emails now contain crypto-ransomware. That figure is up from 56 percent in December 2015. Ransomware also accounted for more than half (51 percent) of all phishing email variants in March 2016, up from just 29 percent in February 2016 and 15 percent in January 2016.
Organisations need to prevent ransomware from encrypting their business critical data. To do so, they must learn how to defend against a phishing attack.
That effort begins with Metacompliance, a provider of Simulated Phishing, eLearning and Policy Management software. Metacompliance's solutions help make compliance for businesses and enterprises alike easier. They also help educate employees about common security threats, including ransomware and phishing attacks.
For more information on how Metacompliance can help you protect your organisation against phishing and ransomware, click here.