spearphishing photo

Here at Upward we pride ourselves on providing great IT services to our clients and at the top-most of the list is security. It is something we aim to be ever-diligent on, providing our customers with the best anti-virus and anti-malware applications and definitions that are out there. So imagine our concern when we heard that one of our clients this last month had two serious spear phishing/ransomware attempts made on their network. Luckily the customer did the right thing in both instances, alerted us quickly and we were able to contain the threat. It’s amazing to us though how sophisticated and invasive these threats continue to be. The scammers designing these ploys are serious, practiced, and are coming for your money. We don’t mean to sound alarmist, we just want to emphasize the seriousness of these attacks. Here are some of the details (made anonymous). Pretty scary stuff.

Breach 1:

A business owner’s account sent an email to one of his employee’s accounts asking them to wire a large sum of money to a specific account. The attacker created an email rule that made all communications with the employee go to the owner’s ‘notes’ folder so he would not see them and they (the scammers) could keep communicating with employee. The scammer carried on a brief email chain with the employee (posing as the owner) assuring that the request was valid, but since the actual owner works in the same office space the owner and employee knew something was going on.

Our tech Daniel Bolduc contacted the owner and reset his email and domain passwords. Then Dan initiated AV scans on his work and home computers (since he uses VPN and Outlook on each one). After the scans began we disconnected the computers from all networks. Both of the scans turned up empty so we re-connected them.

The owner’s email and password combination had been hacked in the large breaches that occurred on Dropbox and LinkedIn, which occurred this year. Dan validated this by entering his account into the haveibeenpwned.com website. Although the exact combination was not the same, the owner said it was similar. This is the only way we can think of that the credentials were compromised.

Breach 2:

An employee received a spam email from a customer asking him to click on a link to download a file. The link led to a website that appeared to be Docusign but was not, and asked him for his email address and password. The employee entered the same email and password combination he uses for Office 365 but according to him it ‘didn’t work’.

Three weeks later, the employee’s email account sent the exact same message to all 243 of his contacts within a span of two minutes. Similarly, the attacker set up email rules that prevented the employee from seeing his emails by directing messages to a sub-folder of his email account. From there, the attacker carried on some brief exchanges with recipients of the email (such as “yes it’s legit, don’t worry just download the file please”). In addition the attacker deleted all of the employee’s contacts.

Again, our tech Daniel Bolduc reset his domain and Office 365 passwords and initiated scans on his computer while disconnected from the network. Using Powershell Dan was able to create a spreadsheet of all the people that the employee emailed so that their Office Admin could create an email blast letting everyone know not to follow the link. Once again, the scans turned up empty so there didn’t seem to be any virus or anything, just the phishing scam with the fake website.

Let’s get something straight there’s another term for spear phishing; it’s attempted robbery. And it happens every day all across America. It could happen to your business and it’s more than likely the perpetrators will never be brought to justice.

How does spear phishing and ransomware infiltrate a business? The scary and insidious nature of these intrusions is part of what makes them so scary. The infiltration can come via an infected email attachment, malware from a malicious website, a download an employee unassumingly accepts or even a malicious intrusion through your unprotected network gateway. And the problem is almost always an accident at an unwitting moment. All the more reasons to keep your network security tight, your information private, and to inform your employees of these threats. Here are some things that will help:

Strategies to prevent Spear Phishing and Ransomware:

There are several simple measures that business owners can take to prevent this from affecting their business, and they don’t necessarily require expensive, next-gen technology.

-First, utilize every malicious threat protection service available, including a strong Enterprise grade Anti-virus solution and a commercial grade anti-malware solution. If your computer bogs down when running these services, it may be time to look at a new computer. We occasionally have clients ask us to remove one of these programs to improve PC performance. This can be a short sighted decision, as upgrading or replacing a computer is cheaper than the potential damage of an event.

-There are also some great password authentication services out there that can help make your data, credentials, and personal info even more secure. Here at Upward we use Auth Anvil and we’re very happy with it.

-Second, utilize a firewall that’s running a full suite of anti-threat protection measures. This is like the moat around your castle, and will catch many malicious threats before they ever enter your network including file attachments in emails, malicious websites or downloads.

-Finally and perhaps most importantly, enforce policy with your staff. Make them aware that these threats could cripple your business. Employees who initiate the invitation of ransomware and Spear Phishing are usually unaware of the concept of malware, and think of computer viruses as pesky little pop-ups that the IT guys easily clears away. Invite your IT provider in to have a policy discussion with your staff. Education and awareness are two of the best weapons in the fight against security breaches.

Is your IT provider discussing threats like spear phishing with you? Are you interested in finding a new IT partnership that helps your business stay more productive with less risk? Reach out to Upward Technology today.

Also, BONUS CONTENT: interested in hearing more about the subject? The popular podcast Radiolab put a great show about this topic last year! Check it out.