What the Colonial Pipeline Attack Reminds Us About Phishing and Ransomware
As demonstrated with the Colonial Pipeline attack, Ransomware is the number one cybersecurity threat to organizations, but it’s also the number one security threat to humans. It impacts schools, medical centers, and communities. Phishing is the number one cause of Ransomware. Still, to many people, even security professionals, conventional thinking is that phishing is an email issue, and they fail to imagine beyond the inbox to all digital communication channels. Hackers are phishing humans in SMS, web, social, gaming, collaboration apps, search, and email. Stopping phishing, social engineering, account takeover, BEC, SMishing, supply chain attacks, and data exfiltration will stop 95% of Ransomware.
Last week’s Colonial Pipeline attack from the ransomware-as-a-service ring, Darkside, should be a wake-up call about the importance of phishing. Since emerging last summer, Darkside has been responsible for several high-profile ransomware attacks, but they are not alone. Several ransomware rings are successfully launching Ransomware, attacking a vulnerable public, making it the number one security threat to users and organizations.
But Ransomware is the end of the attack chain, not the initial attack. Successfully protected organizations focus on the start of the attack chain, which is phishing and social engineering. By stopping the initial attack, these organizations dramatically lower the risk of being the target of a ransomware attack. Recently published Osterman research finds that cybercriminals need to first gain access to an organization’s network or vendor supply chain for a successful ransomware attack. Entry points start with:
- Phishing and spear phishing resulting in credential theft or installing a malicious—but benign-looking—application that subsequently activates and downloads other code.
- Remote Desktop Compromise (RDP) is when cybercriminals gain control through a user’s computer. This happens at the start of the attack chain through credential stealing, rogue and malicious software, apps, and extensions, including Man-in-the-middle attacks.
- Malvertising—a fake advertisement leading to a malicious site or to downloads malicious code.
Cybercriminals like Darkside are no longer content with encrypting victim data for a financial payout, and they often use double-extortion Ransomware, which can include data exfiltration and encryption. If the victim does not pay, the cybercriminal will not remove the encryption and instead publicly release the stolen data. Increasingly these ransomware events cause further damage by planning the attack to cause maximum damage or disruption. While Darkside claims to be honorable by not targeting certain sectors like healthcare, their hack of the Colonial Pipeline caused fuel shortages and long lines at the pump for days.
With an average of 23 days of downtime and average ransomware payments of over $225K, counting the cost of remediating the attack impacts the organization, community, and the nation, why take the chance.
Protecting the world’s internet users from human hacking without compromise.
It’s estimated that Colonial Pipeline paid Darkside $5M to release their data, and the impact to the business community will be millions more. Attacks require human interaction to succeed. If you stop these attacks, you stop 95% of breaches. Without compromising user privacy or performance, SlashNext offers the industry’s fastest and most accurate human hacking defense to protect users from phishing, spear-phishing, BEC, and SMishing across all communication channels, including: SMS, email, web, social networking, gaming, collaboration, and search. SlashNext patented AI detection uses virtual browsers and on-device Natural Language Processing (NLP) to detect zero-hour threats by performing dynamic runtime analysis on billions of URLs a day through virtual browsers and machine learning.
Watch our popular video series: Phish Stories to learn more about cybercriminals hacking humans and how phishing is the gateway to ransomware and other breaches. https://www.slashnext.com/phish-stories-webinar-series/