Oh boy. Things have gone from bad to worse in an awful hurry.
I remember the first time I reported on ransomware, in the CyberheistNews issue of Feb 11, 2014, where an attorney's office file server was encrypted because an employee opened an infected phishing attachment. I have to give him credit: the man bravely stepped forward to explain this problem to the world on TV.
Fast forward to June 1, 2016, and CSO has an article about a PhishMe report which reveals that a whopping 93 percent of all phishing emails contain ransomware. OUCH.
CSO's Maria Korolov summarized the report with the following: "That was up from 56 percent in December, and less than 10 percent every other month of last year. And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015."
She continued with: "In addition to the spike in the number of ransomware emails, one variant that's seeing increasing popularity is the 'soft targeted' phishing message. It's somewhere between a business compromise email or spearphishing attack, which is targeted at one specific executive, and the general-purpose spam email that goes out to everybody. The soft targeted phishing email targets people in a particular job category, but may include some customization, such as the name of the recipient in the salutation.
'This has been a creeping trend for a while now,' said Brendan Griffin, Threat Intelligence Manager at PhishMe. For example, a popular type of phishing email is the resume email, which supposedly has a resume from a job applicant in the attachment.
Recipients who don't work in human resources or other jobs where they hire people would either ignore it or forward it on to the appropriate person at the company. Other job functions can be targeted as well. Other common types of soft targeted phishing emails are billing, shipping and invoice-related messages."
The term "soft targeting" is adapted from asymmetric warfare, where guerrilla forces or terrorists attack civilians, often in other areas, as opposed to attacking the opposing military force. I think the term applies in cyberwarfare as well, and is an apt description of what the bad guys are doing.
It's Here. Mass Customized Spear Phishing
I have been warning in many of these posts that, with the emergence of a well-developed internet underground economy and sophisticated criminal bad actors, this was inevitable. I'm surprised it did not happen earlier, and this is only the beginning. Since practically everyone's personal, confidential data has been hacked and a large part of your work history is available through LinkedIn, it's easy to merge-purge databases and send highly targeted spoofed phishing attacks.
Can Your Domain Be Spoofed?
Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?
If they can, they are able to launch a "CEO fraud" spear phishing attack on your organization, with mail that appears to come from Human Resources, the CEO or perhaps the mail room, and social engineer your users into clicking a link. Whether such a forged From: address is accepted depends on whether your domain publishes SPF and an enforcing DMARC policy, and on whether the receiving mail server actually checks them; without that, the attack is very hard to defend against unless your users have been thoroughly trained in security awareness.
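The DNS-level check behind "can your domain be spoofed?" is whether the domain publishes an SPF record and a DMARC policy that tells receivers to reject or quarantine mail that fails authentication. The script below is an added example, not KnowBe4's Domain Spoof Test or any code from the original post. It evaluates constructed sample SPF and DMARC records offline (the domain names and records are placeholders), and its verdicts assume a receiving server that enforces DMARC; a receiver that ignores DMARC will accept the forgery regardless.

```python
"""Offline classification of how a DMARC-enforcing receiver treats a forged
message that uses your exact domain in the From: header but is sent from an
IP you never authorised.

All records below are constructed for this example. For a real domain you
would fetch them with:
    dig +short TXT yourdomain.example          (SPF)
    dig +short TXT _dmarc.yourdomain.example   (DMARC)
"""
import re


def parse_dmarc(txt):
    """Split a DMARC TXT record into its tag=value pairs.

    Returns a dict, or None if the record is missing or is not a DMARC record
    (i.e. does not start with v=DMARC1).
    """
    if txt is None:
        return None
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags


def spf_all_qualifier(txt):
    """Return the qualifier of the terminal 'all' mechanism in an SPF record:
    '-' (fail), '~' (softfail), '?' (neutral) or '+' (pass, the default when
    no qualifier is written). Returns None if there is no SPF record or it
    has no 'all' term (which leaves unlisted senders as neutral)."""
    if txt is None or not txt.lower().startswith("v=spf1"):
        return None
    for term in txt.split()[1:]:
        match = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if match:
            return match.group(1) or "+"
    return None


def spoof_risk(spf_txt, dmarc_txt):
    """Classify exact-domain spoofability from the two records.

    DMARC is what ties authentication to the visible From: domain; SPF alone
    only checks the envelope sender, which the spoofer controls, so SPF
    without DMARC does not protect the From: header the user actually sees.
    """
    dmarc = parse_dmarc(dmarc_txt)
    spf_all = spf_all_qualifier(spf_txt)
    if dmarc is None:
        if spf_all == "-":
            return "spoofable (SPF hard fail only; From: header not protected)"
        return "spoofable (no DMARC, SPF absent or permissive)"
    policy = dmarc.get("p", "none").lower()
    pct = int(dmarc.get("pct", "100"))  # pct defaults to 100 per the DMARC spec
    if policy == "reject" and pct == 100:
        return "protected (DMARC p=reject)"
    if policy == "quarantine" and pct == 100:
        return "mostly protected (DMARC p=quarantine; goes to spam, not rejected)"
    if policy in ("reject", "quarantine"):
        return f"partially protected (DMARC p={policy} applied to {pct}% of mail)"
    return "spoofable (DMARC p=none: monitoring only, no enforcement)"


# Constructed sample domains: (SPF record, DMARC record); None means no record.
SAMPLE_DOMAINS = {
    "strict.example": (
        "v=spf1 ip4:192.0.2.0/24 -all",
        "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    ),
    "monitoring.example": (
        "v=spf1 include:_spf.example.net ~all",
        "v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example",
    ),
    "rollout.example": (
        "v=spf1 mx -all",
        "v=DMARC1; p=quarantine; pct=50",
    ),
    "spf-only.example": ("v=spf1 mx -all", None),
    "bare.example": (None, None),
}


def report(domains=SAMPLE_DOMAINS):
    """Return {domain: verdict} for every sample domain."""
    return {name: spoof_risk(spf, dmarc) for name, (spf, dmarc) in domains.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:20} {verdict}")
```

Run it as-is to see the five verdicts; to test your own domain, replace the sample records with the TXT records returned by the two `dig` queries in the docstring. Only `p=reject` at `pct=100` actually stops an exact-domain forgery at a DMARC-enforcing receiver; `p=none` is reporting only, and look-alike domains (e.g. a swapped letter) are outside what DMARC can address.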
Would you like to know if hackers can spoof your domain? KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. It's quick, easy and often a shocking discovery.
Get your free domain spoof test now.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: