Posts

Report: Low Confidence in Stopping Business Email Compromise (BEC), CEO Fraud

Email is the primary tool for business communications and it’s used across the globe by organizations of all sizes. So, it’s no surprise that email is also today’s No. 1 threat vector for cyberattacks.

The cyber threat landscape has evolved to a great extent. Today, email attacks are highly targeted and cybercriminals engage in extensive social engineering activities to learn information about their targets in order to craft personalized emails.

Such targeted and sophisticated phishing attacks have a higher success rate than mass campaigns. Users implicitly trust a familiar name or email with personal information. These email may contain malicious attachments, weaponized URLs to deliver malicious payloads, phishing websites with fake login pages to steal login credentials, or malware-less email that seeks confidential information or a wire transfer.

With the changing threat landscape, coupled with the lack of human and financial resources to keep pace, organizations find themselves as susceptible targets for email-based attacks, such as spear-phishing and CEO fraud/business email compromise (BEC).

To that end, SonicWall recently worked with the Osterman Research and surveyed organizations to understand:

  • What are the top concerns for IT security decision-makers?
  • Why are cyberattacks succeeding?
  • How do you evaluate your current security posture?

Some of the key survey findings include:

  • Cyber threats are becoming more sophisticated as well-financed cybercriminal gangs develop improved variants of malware and social-engineering attacks. The perceived effectiveness of current security solutions is not improving – or is actually getting worse – for many organizations.
  • Most decision-makers have little confidence that their security infrastructure can adequately address infections on mobile devices, CEO fraud/BEC and preventing user’s personal devices from introducing malware into the corporate network.
  • To address the worsening threat landscape, security spending at mid-sized and large organizations will increase by an average of seven percent in 2018 compared to 2017.

The white paper also discusses the level of confidence that security professionals have in defending against these advanced threats. For example, 58 percent of those surveyed believe that their current solutions to eliminate malware before it reaches end users are either “very good” or “excellent,” and 55 percent believe that their ability to protect users from ransomware is this effective.

Unfortunately, things get worse from there: fewer than half of respondents believe their ability to block phishing attempts from end-users, eliminate account takeover attempts before they reach senior executives, and protect sensitive data is either “very good” or “excellent.”

Finally, some best practices that decision-makers must consider to protect against these advanced threats are:

  • Deploy a multi-layer approach for email security
  • View security holistically from cloud services to endpoint, with end-to-end monitoring
  • Train all users, including senior executives
  • Use adequate threat intelligence
  • Establish detailed and thorough policies

Get the In-Depth Osterman Report

Download the exclusive Osterman white paper, “Best Practices for Protection Against Phishing, Ransomware and Email Fraud,” compliments of SonicWall. The paper explores issues that security professionals face, how to evaluate your current security posture and best practices to consider implementing for sound email security.

Beware of Email Scams and Ransomware This Holiday Shopping Season

The 2016 Holiday shopping season is well underway, and we are poised for a record-setting year.

The National Retail Federation reports that over 154 million consumers shopped over the Thanksgiving weekend, up nearly 2% from 2015. A very telling statistic highlights the brick-and-mortar vs. online shopping trend: the survey found that 44% of shoppers went online, whereas 40% shopped in-store. And, the large concentration of retail commerce over the weekend was heavily influenced by which day it was. For those consumers that skipped the in-store crowds and opted to shop online,

  • 74% shopped on Black Friday (up 1.3% from 2015)
  • 49% on Saturday
  • 36% percent on Thanksgiving
  • 34% on Sunday

The mad rush to shop online these final weeks of the year is a financial boon to online retailers hoping to close a strong year – and to spammers and cybercriminals hoping to cash in as well with ransomware, phishing, and malware traps. Earlier this month our President and CEO, Bill Conner, wrote a blog with some great guidelines to protect yourself and your organization from emerging threats.

HOLIDAY RUSH
The holidays can be a frenzied time for anyone – whether it be last minute shopping, arranging or attending parties, or making last-minute travel plans. It’s equally busy at work, as you try to wrap up projects or complete financial planning, all before the holidays. The holidays are a time to sit back and relax, but only after necessities are taken care of – the calm after the storm. But if you’re not careful online, cyber-criminals are ready, and waiting.

OH, YOU BETTER WATCH OUT…
Employees and consumers can take a variety of precautions to protect their personal and corporate assets when shopping online. One of the simplest ways to protect yourself is to use separate work and personal email addresses for your online transactions. Avoid using the same email address for both work and personal items. Additionally, make sure your password is unique and difficult to guess – making things more difficult for cyber-criminals.

According to Google, an ever-increasing number of online shoppers used their smartphones to make purchases. And, this increased usage is accompanied by an increased online time – on Black Friday shoppers typically spent between 35 – 90 minutes visiting online electronics stores.

But in addition to online shopping, users continue sending and receiving emails at a record pace. According to the Radicati Group, the number of emails sent and received per day exceeds over 205 billion, and this volume is expected to reach over 246 billion by 2019. This confluence of accessing email or online shopping anytime, anywhere, is incredibly appealing. And corporations are now susceptible to an emerging threat: Ransomware attacks, where cybercriminals access confidential information, and extract payment to return this data. Even though ‘tis the season, you should still proceed with the utmost caution!

SEASON’S GREETINGS
Following are some recent trends and spam messages the SonicWALL Threat Research Team has identified this season:

  1. A personal letter from Santa to a loved one (phishing emails attempting soliciting your personal info) is the most common email threat detected this year.
    Phishing Email Scam
  2. Holiday deals from unknown sources, leading you to survey sites in hopes of getting you to divulge your personal info.
    Phishing Email Scam
  3. Year-end tasks including annual health-care enrollment, renewal of insurance, etc.
    Phishing Email Scam
  4. Gift cards are one of the fastest growing categories this year and we see similar growth in first card related spam and phishing emails.
    Phishing Email Scam

These examples are a small sample of what you might experience over the next few weeks. To help you this holiday online shopping season, below is a refresher on what you can do to not fall prey to these grinches:

  • Don’t click on URLs in emails [especially on Mobile devices] without checking its full path and understanding where it is leading to. This is especially important when connected to a public Wi-Fi. Staysafeonline.org has issued an infographic  on mobile security and elaborated this topic further.
  • Don’t download any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft etc.,) website to download plug-ins
  • Be wary of enticing online offers – especially if you’ve never heard of the business
  • Last minute upgrade requests from IT – upgrades are usually done with advance notice and communication

To test your knowledge, take this quick SonicWall Phishing IQ Test and avoid the holiday blues!