Security Awareness Training Blog

    [Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

    Ransomware-Attack-Warning-2022Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to trick them into downloading malicious files.

    Phishing emails are easy to send and lure the unsuspecting victim in with minimal awareness of an attack,” the researchers state.

    “The carefully crafted device of a social engineering scheme, the emails are customized to specific targets and appear to be from legitimate, even familiar, senders.

    Faced with unmanageable email volumes, even many once-careful users fail to scrutinize incoming mail and note small changes that would otherwise be suspicious red flags. Once the victim opens an email from their ‘bank’ or ‘internet service provider’ and confirms a few account details – or even just clicks into the malicious fake site – the payload detonates and the work of stealing and/or encrypting sensitive data begins. Once this work is completed, users are locked out and a ransom note appears.”

    They stated: "In a recent survey, it was revealed that a staggering 78% of organizations experienced one or more ransomware attacks in 2021, 68% of which stated that the attack originated from a direct email payload, second-stage malware delivery, or similar cause. And, IBM’s Cyber Resilient Organization Study noted the top three causes of ransomware that year as social media (19%), malicious websites (22%), and phishing (45%). "

    In addition to emails, attackers are increasingly sending phishing messages via social media. Business-oriented platforms like Slack and Teams are particularly effective, since users often access them from their work devices.

    “While popularly exploited on email servers, phishing attacks are not confined to inboxes,” Digital Defense says. “ “One of the rising vectors, as noted by [an] IBM study, is social media. Collaboration tools like Teams and Slack are prime grooming places for establishing trust and exploiting ‘coworkers.’

    Online spaces like LinkedIn are particularly vulnerable to facilitating attacks; as platforms built for connecting with strangers, they encourage direct messages which often contain links to shared professional interests. Many of those links are credible – some are not.  Unfortunately, with ransomware one click is all it takes.”

    New-school security awareness training enables your employees to make smarter security decisions, so they can avoid falling for social engineering attacks. Digital Defense has the story: https://www.digitaldefense.com/blog/what-the-relationship-between-ransomware-and-phishing/

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Phishing, Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Cybersecurity Awareness Month Free Resource Kit
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews