The risk of phishing attacks has increased considerably over the past 12 months, according to a new data breach report from Verizon. Ransomware attacks are also on the rise. The two are often used together to devastating effect as part of a three-pronged attack on organizations.
Firstly, cybercriminals target individual employees with a well-crafted phishing campaign. The target is encouraged to click a link contained in a phishing email which directs the soon-to-be victim to a malicious website. Malware is then silently downloaded to the victim’s device.
The malware logs keystrokes to capture login credentials, which allows an attacker to infiltrate email accounts and other systems. The infection then spreads laterally to compromise other networked devices. Stolen login credentials are then used to launch further attacks, which may involve making fraudulent bank transfers or installing ransomware on the network.
The Risk of Phishing Attacks is Growing
Verizon reports that due to the effectiveness of phishing and the speed at which attackers are able to gain access to networks, the popularity of the technique has grown substantially. In years gone by, phishing was a technique often used in nation-state sponsored attacks on organizations. Now there is a high risk of phishing attacks from any number of different players. Even low-skilled hackers are now using phishing to gain access to networks, steal data, and install malware. Out of the nine different incident patterns identified by the researchers, phishing is now being used in seven.
Phishing campaigns are also surprisingly effective. Even though many companies now provide anti-phishing training, attempts to educate the workforce to minimize the risk of phishing attacks are not always effective. The 2016 Verizon data breach report suggests that when phishing emails are delivered to inboxes, 30% of end users open the emails. In 2015 the figure was just 23%. Rather than getting better at identifying phishing emails, employees appear to be getting worse. Even worse news for employers is that 13% of individuals who open phishing emails also double click on attached files or visit the links contained in the emails.
Ransomware Attacks Increased 16% in a Year
Ransomware has been around for the best part of a decade, although criminals have favored other methods of attacking organizations. However, over the past couple of years that has changed, and the last 12 months have seen a significant increase in ransomware attacks on businesses. According to the data breach report, attacks have increased by 16% in the past year. As long as companies pay attackers’ ransom demands, attacks are likely to continue to increase.
How Can Web Filtering Software Prevent Ransomware Infections and Reduce the Risk of Phishing Attacks
Defending a network from attack requires a wide range of cybersecurity defenses to be put in place. One of the most important defenses is the use of web filtering software. A web filter sits between end users and the Internet and controls the actions that can be taken by end users as well as the web content they are allowed to access.
A web filter can be used to block phishing websites and malicious sites where drive-by malware downloads take place. Web filtering software can also be configured to block the downloading of files typically associated with malware.
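The two controls described above (blocking known-bad sites and blocking risky file downloads) can be sketched as a single policy decision. This is an added example, not code from any web filtering product; the blocklist entries, extension list, content types and the function names are constructed assumptions for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample policy (assumed values, not from a real product or feed).
BLOCKED_DOMAINS = {"phish.example", "malware-drop.test"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar"}
BLOCKED_CONTENT_TYPES = {"application/x-msdownload", "application/x-dosexec"}


def domain_blocked(host):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels so "notphish.example" does not match "phish.example".
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def extension_of(name):
    """Final extension after percent-decoding and case folding."""
    return posixpath.splitext(unquote(name).strip().lower())[1]


def decide(url, content_type=None, disposition_filename=None):
    """Return ("block", reason) or ("allow", None) for one request/response."""
    parts = urlsplit(url)
    if domain_blocked(parts.hostname or ""):
        return ("block", "domain")
    # The URL path and the server-supplied filename can differ; check both.
    names = [posixpath.basename(parts.path)]
    if disposition_filename:
        names.append(disposition_filename)
    if any(extension_of(n) in BLOCKED_EXTENSIONS for n in names):
        return ("block", "file-type")
    # Fall back to the declared media type when the name looks harmless.
    if content_type:
        media_type = content_type.split(";")[0].strip().lower()
        if media_type in BLOCKED_CONTENT_TYPES:
            return ("block", "content-type")
    return ("allow", None)
```

Checking only the URL's extension would miss a download served from a path such as `/download?id=7`, which is why the sketch also looks at the response filename and declared content type.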
Training employees how to avoid phishing emails can be an effective measure to reduce the risk of phishing attacks, but it will not prevent 100% of attacks, 100% of the time. When training is provided and web filtering software is used, organizations can effectively manage phishing risk and prevent malware and ransomware infections. As phishing attacks and ransomware infections are on the increase, now is the ideal time to start using web filtering software.