Why fighting spear phishing is critical to preventing data breaches
It’s a cautionary tale as old as email itself:
- A customer sends you an email asking for a referral to an accounting firm.
- You cheerfully forward the email to your accountant, who (because they’re a great accountant) immediately contacts the prospective client.
- Your contact sends tax information via email file attachment.
- The accountant clicks on the file—and that’s when the trouble starts.
It was never your customer! A malicious actor posing as your customer has now gained access to your accountant’s systems using the tried-and-true “new client” spear-phishing attack method.
And now, malware is running stealthily behind the scenes—combing through the apps, software and technology the accounting firm relies upon…
Only, no one at the firm has any idea that an attack is underway.
Because rather than encrypting the firm’s data for extortion, the “new client” secretly starts stealing personally identifiable information (PII) and tax filing numbers. And after the fake client behind the attack gets what they need, they’ll file the fraudulent tax returns with the IRS using the firm’s client information.
And a few weeks later, multiple refunds from fraudulent tax returns will be deposited into the hacker’s bank account.
The criminal will skate away with hundreds of thousands of stolen dollars, maybe more. The accountant will contend with infuriated clients, hours of IRS paperwork, expensive fines, penalties and a wrecked reputation.
What could the accountant have done differently? Could the attack have been avoided altogether—or at the very least, discovered before any PII was stolen?
How cyberthreat protection can help fend off spear-phishing attacks
In spring 2020, two accountants (at two different firms) became spear-phishing attack victims.
Each received an email they were expecting, and each clicked on it. That’s it.
Skulls and crossbones didn’t take over their screens. Nothing happened at all.
Sometimes attachments don’t open. Sometimes links don’t work.
And had it not been for what happened next, both would-be victims would have moved on with their days.
However, cloud security with advanced cyberthreat detection noticed unusual system behavior.
What did that mean? Here’s an example: If a user clicks on a Microsoft Word document in an email and the user’s computer then begins downloading a massive amount of data from a server known to be harmful or dangerous, the security system recognizes that behavior as unusual and sends an alert that the server involved should be disabled.
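The behavior rule in that example can be written as a small correlation over endpoint events. This is an added illustration, not code from the article or from any security product; the event fields, the 10-minute window, the 50 MiB threshold, the host names and the blocklist entry are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# All values below are constructed for illustration, not taken from the article.
KNOWN_BAD_SERVERS = {"203.0.113.50"}      # documentation-range address
WINDOW = timedelta(minutes=10)            # how long after a document open to watch
BYTES_THRESHOLD = 50 * 1024 * 1024        # "massive" download, assumed at 50 MiB

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str        # "doc_open" (attachment opened) or "net_transfer"
    detail: str      # file name for doc_open, remote address for net_transfer
    bytes_in: int = 0

def detect(events):
    """Alert when a host pulls >= BYTES_THRESHOLD from a known-bad server
    within WINDOW of opening an emailed document."""
    last_open, totals, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "doc_open":
            last_open[ev.host] = ev
            continue
        opened = last_open.get(ev.host)
        if (ev.kind != "net_transfer" or ev.detail not in KNOWN_BAD_SERVERS
                or opened is None or ev.ts - opened.ts > WINDOW):
            continue
        key = (ev.host, ev.detail, opened.ts)
        before = totals.get(key, 0)
        totals[key] = before + ev.bytes_in
        # Fire once, on the transfer that crosses the threshold.
        if before < BYTES_THRESHOLD <= totals[key]:
            alerts.append({"host": ev.host, "server": ev.detail,
                           "document": opened.detail, "bytes": totals[key],
                           "action": "isolate host, block server"})
    return alerts

MB = 1024 * 1024
t = datetime(2020, 4, 1, 9, 0)            # constructed timeline
SAMPLE_EVENTS = [
    Event(t, "acct-ws-01", "doc_open", "client_tax_info.docx"),
    Event(t + timedelta(minutes=1), "acct-ws-01", "net_transfer", "203.0.113.50", 30 * MB),
    Event(t + timedelta(minutes=2), "acct-ws-01", "net_transfer", "203.0.113.50", 30 * MB),
    # Large download from a server not on the blocklist: no alert from this rule.
    Event(t, "acct-ws-02", "doc_open", "invoice.docx"),
    Event(t + timedelta(minutes=1), "acct-ws-02", "net_transfer", "198.51.100.7", 80 * MB),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```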
In this case, anti-malware and security protocols sprang into action by isolating impacted systems and ultimately stopping the attempted theft in its tracks.
Rather than cause immense disruption for the entire firm, the cloud security team could disable only what was impacted (i.e., the victims’ servers). The team momentarily knocked just a few users offline to stop the attack while everyone else continued to work, unaware of any issues.
Within minutes, the accountants who had unknowingly initiated the malware were back up and running.
Meanwhile, cloud security engineers continued to run diagnostics on the attack to determine:
- How it happened;
- Why it happened; and
- How to keep it from ever happening again.
Spear-phishing prevention is one of the benefits of cloud security
The malware used in the attack was a type most security experts had never seen, and one that standard antivirus software would likely have missed—a zero-day exploit.
As one expert source explains:
“The term ‘zero-day’ refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released. So, ‘zero-day’ refers to the fact that the developers have zero days to fix the problem that has just been exposed—and perhaps already exploited by hackers.”
Had cloud security not thwarted the attack, the hacker could have funneled data out of the firm for months. All because one software vulnerability, exposed through spear phishing, made it possible to install malware.
Vulnerabilities are exposed and patches are released every single day. The victims here were in the right place at the right time, just trying to do their jobs.
Gain cyberthreat protection with 24/7/365 cloud security
There are a few ways users can protect against phishing attempts and zero-day attacks…and keep their businesses safe from cyberthreats:
- Keep software, applications and systems up to date with the latest patches, bug fixes and enhancements.
- Be aware of the latest cyberthreat advancements (you are the first line of defense).
- Never click or open any file attachment from an unknown sender (and if an email is from someone you know but is unexpected and out of place, check to make sure your contact actually sent it—their systems could be compromised, and they may not know it yet).
- Use a cloud provider to gain 24/7/365 bank-level protection.
Running applications in the cloud with a trusted cloud provider is the safest way to ensure business continuity. Learn more about the built-in bank-level security cloud hosting technology provides, and the advanced threat protection offered by Rightworks OneSpace, in our resource center.
For more information on Rightworks security offerings, visit our security webpage.