Businesses are currently facing a huge malware problem stemming from phishing attacks. Not a week goes by when there isn’t another news story of a well-known organisation falling victim to ransomware or having some other unwanted cyber security-related incident. These incidents usually involve the temporary or permanent loss of business data, including that of customers. Under new EU GDPR laws, from May 2018 businesses have had to make these events public if the nature of the breach could have a negative impact on the subjects of the data.
The malware involved in this kind of incident usually arrives because someone clicked on a link or an attachment in a phishing email.
We’ve stressed repeatedly that all employees need to be on the lookout for the red flags of a phishing email, and that you have to train employees continuously by sending them simulated phishing attacks.
But how does malware actually get onto your business PCs and networks?
You may believe that in order to get malware from an infected website, you actually have to go onto the site, download something and then run it.
Unfortunately, this is not true.
Infected sites, especially those deliberately used in phishing attacks, use “drive by downloads” to infect their targets. This means that files can begin downloading from the site as soon as you arrive on it, and they can run themselves when downloaded – all without you clicking on anything after making the decision to connect to the website.
How can a website do this?
Such a site exploits outdated software on users’ devices. If any of your software, including your browser or operating system, is out of date, a website can use something called an exploit kit to scan your device. If it finds any vulnerabilities, such as software that you haven’t updated, it can download files that will exploit that vulnerability.
Other ways websites can contain malware
Malvertising is a term which refers to the infection of ad delivery networks. The ads you see at the side and bottom of blogs, news sites and many other places on the internet are served up by ad delivery networks, and they can be infected with malware even if the site on which you see them is not infected. One infected ad can be shown on thousands of different websites, greatly multiplying its reach and the number of potential victims.
The ads themselves can get infected by cyber criminals, or cyber criminals can set up their own ads. These are typically extremely “click-baity” in appearance, with an image that might be hinting at more to be seen if you click on it, and a title which piques your curiosity whilst suggesting your questions will be answered if you click.
Outdated WordPress Sites – It is estimated that as many as 60% of websites are running on WordPress, software that makes website content management easier for those without coding skills. WordPress, like other software, must be kept up to date to remain secure. It also allows the installation of “plug-ins” which grant additional functionality, and these must be kept up to date as well, because cyber criminals look for exploits in WordPress and popular plugins. If they are not, websites can be hacked to inject URLs onto pages, or even to add completely new pages. A breached website can also redirect users to malicious domains. If you’re running a WordPress site and you don’t keep it secure, you could even find your own website being used in phishing attacks to deploy malware to visitors.
What can you do to protect your business from these domains?
Malware comes in many forms, and some of these can be extremely disruptive to your business. Businesses have lost all of their data to ransomware. Could your business survive that?
As well as simply educating employees about the importance of being vigilant against phishing emails, a DNS monitoring solution could save your business.
We use a service that handles 2% of all internet traffic. That’s 80 billion DNS requests per day. As it handles such a large volume of global internet traffic, it can very quickly spot domain level trends indicating the domain is being used for phishing attacks.
Using a web monitoring solution, such as this one, gives you the earliest possible protection against web domains used in phishing attacks. As soon as an unusual spike in traffic is seen to a suspicious domain, the solution will block any of your employees from accessing that domain, something they could potentially do if they clicked on a link in a phishing email. This will prevent you from connecting to those dodgy websites that immediately begin downloading malware as soon as you arrive.
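A simplified sketch of the spike-based blocking described above, added here as an illustration and not the monitoring service's own logic: it counts DNS queries per domain per hour, flags a domain whose latest hourly count far exceeds its earlier baseline, and blocks it along with its subdomains. The log format, thresholds, domain names and function names are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import mean

def build_sample_log():
    """Constructed resolver log lines: '<hour> <client-ip> <queried-domain>'."""
    lines = []
    for hour in range(4):  # steady traffic to a long-established domain
        lines += [f"2024-01-01T{hour:02d} 10.0.0.{i} intranet.example" for i in range(20)]
    lines.append("2024-01-01T02 10.0.0.5 login-verify.example")  # first sighting
    lines += [f"2024-01-01T03 10.0.0.{i} login-verify.example" for i in range(40)]
    lines.append("garbage line that is not a query record at all")
    return lines

def hourly_counts(lines):
    """Return {domain: {hour: query_count}}, skipping malformed lines."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        hour, _client, domain = parts
        counts[domain.lower().rstrip(".")][hour] += 1
    return counts

def spiking_domains(lines, current_hour, ratio=5.0, min_queries=10):
    """Domains whose current-hour count is >= ratio x their earlier hourly mean."""
    counts = hourly_counts(lines)
    earlier = sorted({h for per in counts.values() for h in per if h < current_hour})
    flagged = set()
    for domain, per_hour in counts.items():
        now = per_hour.get(current_hour, 0)
        # Hours with no queries count as zero; floor of 1 so new domains can be scored.
        baseline = max(mean(per_hour.get(h, 0) for h in earlier) if earlier else 0, 1.0)
        if now >= min_queries and now >= ratio * baseline:
            flagged.add(domain)
    return flagged

def decide(domain, blocklist):
    """Resolver-side decision: block a listed domain and any of its subdomains."""
    name = domain.lower().rstrip(".")
    hit = any(name == b or name.endswith("." + b) for b in blocklist)
    return "BLOCK" if hit else "ALLOW"

if __name__ == "__main__":
    blocklist = spiking_domains(build_sample_log(), "2024-01-01T03")
    for d in ("intranet.example", "www.login-verify.example", "notlogin-verify.example"):
        print(d, decide(d, blocklist))
```

A spike alone is a weak signal, since a legitimate new service can also trigger it; a production system would combine it with other evidence about the domain before blocking.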
Not clicking the link is the best defence
A link in a phishing email cannot harm you if you do not click on it.
The best defence is simply not clicking on any of the links. This means you and your employees have to recognise phishing emails when they arrive.
We have found that the best way to ensure people recognise phishing emails is to send them regular simulated tests. Clicking on links in these simulated phishing emails won’t cause any harm, but it will enrol the “victim” in further training to help them spot these emails! Phishing emails nearly always contain red flags that you could notice if you spent a bit more time evaluating emails, or knew what to look for!