When it comes to protecting your company’s data and infrastructure, security products are not enough to prevent breaches. No matter how much you spend on these products or layer and configure them, at the end of the day, a product does not equal protection—especially when you enter the human variable into the equation. So, how do you protect your organization from spear phishing attacks?
When it comes to protecting your company from a spear phishing attack, education and methodology matter just as much.
What is Spear Phishing?
Phishing is a type of attack that comes in the form of a blanket email with a malicious attachment that compromises a PC with malware to try to gain access. While phishing is a broad attack, spear phishing is more targeted.
Malicious actors do their research to target a specific individual that has significant access to company data. Then, they develop a targeted attack that works to compromise the victim’s PC to gain access to information.
How Do Spear Phishing Attacks Work?
When it comes to spear phishing attacks, all it takes is one person to open the wrong attachment. Attackers do meticulous research to create targeted email content that encourages users to open the attachment or click a malicious link.
For example, an attacker might send the CFO of a company an email that’s disguised as a message from Accounting with a PDF attachment. Once the CFO opens it, the PC may then become infected with malware because it wasn’t patched.
Once the CFO opens the attachment, his or her PC (and potentially any SMB/NFS mounted file servers) is then encrypted by ransomware, which subsequently demands Bitcoin to decrypt data. The phishing malware then moves laterally (a common vulnerability for “safe” areas behind the firewall) through a company’s infrastructure to take over and infect everything it can access. Since PCs can freely communicate with each other on the network, one infected computer can impact all other vulnerable PCs, storage, and other connections.
Many spear phishing scams are successful because companies often make some bad assumptions about their security. They believe that because their PCs are behind layers of firewalls, they are protected. While many companies are concerned with protecting and monitoring traffic that’s coming into their networks, they fail to look at the east-west traffic within.
Once a PC is compromised, it has much more access than someone from the outside coming in. As a precaution, companies should treat end users as potentially malicious vectors and segment them accordingly.
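One way to start looking at the east-west traffic described above, as an added example that is not from the original article: a short Python check over flow records that flags PC-to-PC file-sharing connections and sources that fan out to several peers. The subnet, threshold, and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed layout (hypothetical): all end-user PCs live in this subnet.
WORKSTATION_NETS = [ipaddress.ip_network("10.10.0.0/16")]
# File-sharing ports for the SMB/NFS mounts the article mentions.
FILE_SHARE_PORTS = {445: "SMB", 2049: "NFS"}
FANOUT_THRESHOLD = 3  # assumed: distinct peers before a source looks like it is spreading

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.0.5", 445),    # PC -> file server: expected traffic
    ("10.10.1.15", "10.10.1.22", 445),   # PC -> PC over SMB
    ("10.10.1.15", "10.10.2.40", 445),
    ("10.10.1.15", "10.10.3.7", 445),
    ("10.10.2.40", "10.10.1.22", 443),   # PC -> PC, but not a file-sharing port
    ("10.10.4.9", "10.10.4.10", 2049),   # single PC -> PC NFS flow
    ("203.0.113.8", "10.20.0.5", 445),   # north-south traffic, out of scope here
]

def in_nets(ip, nets):
    """True if the address falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def east_west_findings(flows):
    """Return (peer_flows, spreaders): PC-to-PC file-sharing flows, and the
    sources that reached FANOUT_THRESHOLD or more distinct peer PCs."""
    peer_flows = []
    peers_by_src = defaultdict(set)
    for src, dst, dport in flows:
        if dport not in FILE_SHARE_PORTS:
            continue
        if in_nets(src, WORKSTATION_NETS) and in_nets(dst, WORKSTATION_NETS):
            peer_flows.append((src, dst, FILE_SHARE_PORTS[dport]))
            peers_by_src[src].add(dst)
    spreaders = sorted(src for src, peers in peers_by_src.items()
                       if len(peers) >= FANOUT_THRESHOLD)
    return peer_flows, spreaders

if __name__ == "__main__":
    peer_flows, spreaders = east_west_findings(SAMPLE_FLOWS)
    for src, dst, proto in peer_flows:
        print(f"east-west {proto}: {src} -> {dst}")
    print("possible lateral movement from:", spreaders)
```

In a segmented network, most of the PC-to-PC flows this reports would be blocked outright, so any that still appear are worth investigating.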
What to Do When You Get Compromised
When you get hit with a spear phishing attack, you need to quarantine or isolate your devices and then wipe and restore. Here are some things to keep in mind when doing damage control after an attack:
- Although you might be tempted to, do not turn off the device. Treat it like the crime scene that it is: disconnect it from the network, and let it sit.
- Call in experts to investigate what happened and determine how to prevent it in the future.
- Again, once isolated, don’t wipe everything on the PC until you are able to figure out what happened and how.
- Once you’ve defined the attack, it’s safe to remediate.
- Install updated antivirus/anti-malware software on your now wiped and restored devices.
- Rebuild the infected PCs piece by piece. This can sometimes take weeks!
How to Mitigate Your Spear Phishing Vulnerabilities
Unfortunately, there is no 100% foolproof way to protect your infrastructure from a spear phishing scam. However, there are tools and methodologies that you can strategically leverage to reduce your chances of experiencing a breach:
1. Education
Education plays a vital role in preventing these types of attacks. Educate everyone in your company, especially those executives who have wide access to important data. Run training sessions and test campaigns to see who is leaving your company vulnerable and might need additional guidance.
2. Web Filtering
If you have a strong web filter and strategy in place, you can prevent the control action from happening. Make sure that your web filters only allow access to trusted sites.
3. Anti-Malware Software
Purchasing anti-malware software requires an ongoing investment, but when it comes to the costs of recovery, the expense of malware protection is well worth it. Products like Check Point CloudGuard work as a plugin for SaaS to help prevent malware.
4. Spam Filtering for your Email
Make sure there is a spam filtering solution in place for your email security. Anti-spam filtering technology like Check Point CloudGuard provides highly accurate anti-spam coverage and defends organizations from a wide variety of virus and malware threats delivered within email.
ADAPTURE Will Help You Identify and Respond to Spear Phishing Attacks
Spear phishing exploits the human factor and a lack of education. The hacker has done extensive research and knows more about you than the average cybercriminal, making it easier for you to fall victim to tailored emails from internal employees and web addresses. Education needs to start at the top, and your security strategy should be enforced every step of the way, including comprehensive accountability and monitoring.
If you do get compromised, ADAPTURE will help you recover from and prevent spear phishing attacks. We lead the recovery process onsite, working with law enforcement along the way. We also provide the education, tools, and methodologies to help you prevent it from happening again.
Our team can audit your existing environment to find out what you’re doing right and where you need to improve. We can find vulnerabilities and help you fix them before you’re compromised. This can save you from a weeks- or month-long outage.