Not long ago the White House was in the news when US intelligence agencies concluded that Russia tried to sway the US presidential election in favor of Donald Trump, alleging that Russian hackers stole information from rival Hillary Clinton’s campaign. The White House is said to be one of the most secured and safeguarded buildings in the world. But when it comes to cybersecurity, no one is spared. Yes, even top-ranked White House officials, including the Homeland Security Advisor, were spoofed by cyber-criminals.
It was all the work of an email prankster from the UK who played his tricks on several White House officials by impersonating emails from other officials in the White House. The first man to fall prey to this attack was none other than Tom Bossert, Homeland Security Officer at the White House. In what seemed like a regular email from one of the president’s senior advisors, Jared Kushner, the email invited Tom Bossert to a party and asked whether he would be willing to take part in it. Tom Bossert accepted the invite without understanding the threat behind it.
The modus operandi behind these attacks is that the attackers do extensive research on their subjects, zero in on a likely target, and then cleverly craft an email subject to woo the target. The person who receives the email doesn’t have a clue that it is a phishing email and falls into the adversaries’ trap. If a place like the White House is not safe from spear phishing campaigns, then what hope does a common man have, and what is the state of our information and email security?
Everyone is Vulnerable
Most attacks from cybercriminals start with just a spear phishing email, because anyone can be easily manipulated with an impersonated email. That is the reason spear phishing attacks pose a more significant threat for businesses around the world.
It was a spear phishing attack, which is the most effective and standard mode of phishing for attackers. It is carried out by sending spoofed e-mails that appear trustworthy but use fake e-mail addresses. The spear phishing technique is specifically designed for and targeted at a particular user group or organization (as was done in the case of the White House). The attacker usually undertakes thorough research before sending an e-mail to the targeted individual in the organization.
A survey conducted by GreatHorn covered a total of around 115,000 mailboxes with approximately 375 million email messages to get an understanding of how many emails are affected or anomalous. The results of the survey were astounding: almost 0.015% of emails are suspicious or contain elements that could be some phishing threat.
According to the FBI, the losses due to spear phishing attacks from adversaries are over a billion dollars every year, and the number of attacks seems to be increasing every year.
What should we do to stop getting compromised?
When you look at the nature of the issue from a broader perspective, the significant factors that drive these threats are:
Adopting Cloud Email Servers without ensuring a Secure Email Gateway
Most people’s daily work revolves around email, and, mostly since 2012, people have shifted to cloud email servers like Microsoft Office 365 and Google G Suite. But the issue with many companies is that they fail to check whether their Secure Email Gateways are updated to handle the threats posed by the cloud infrastructure.
Secure Email Gateways (SEGs) do not offer complete protection, and that is the reason hackers can easily bypass the security cover. The emails are cleverly impersonated, and the email gateways are not updated to detect those kinds of deception-based attacks. A classic example was the White House attack, where no one can blame the official for opening a well-crafted email that seemed to come from a trusted White House staff member.
Hence it is up to the cloud email providers to beef up their security systems and provide users with an enhanced security cover from spear phishing attacks.
Security Awareness Programs Don’t Help Much To The Cause
While organizations do invest in conducting phishing awareness programs for their employees, these don’t seem to be very useful. The number of email-based cyberattacks, which increases every year, proves this point. According to a study by Forrester conducted on organizations that were attacked by cybercriminals, the security programs do not seem to have been of much help.
Lack Of Experienced Security Professionals
Another issue is the lack of well-trained and experienced security experts. As of today, close to 1 million jobs related to security are unfilled, and it is expected that the number will only go up. As a result, organizations are mostly understaffed in their security departments, which is also a primary reason they cannot improve their security posture to a great extent. This makes it easy for attackers to bypass the security systems and get access to all the critical information. So when neither security training programs nor the understaffed security teams can safeguard us from the attackers, where is the hope?
Automation Is The Answer
To prevent phishing attacks from cybercriminals and safeguard critical information, it is essential to devise a method where these threats are detected and stopped automatically. Yes, an automated workflow will help drastically reduce the time taken to detect an attack and respond to it.
The government has understood the seriousness of spear phishing attacks and is looking to implement key control measures that help in analyzing the risk and the magnitude of damage that can be caused during a cyber-attack, and the countermeasures to be put in place to reduce the damage.
Organizations need to strengthen their cybersecurity with dedicated and skilled technical resources along with advanced automated workflows that can help them detect and stop these impersonated emails automatically. Otherwise it would be impossible for humans to check whether an email they received is genuine or not. But until such advanced and automatic workflows are in place, we are under constant threat and stand exposed before the adversaries unless we keep ourselves updated on recent attacks and on security awareness.
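As an illustration of the kind of automated check described above, here is an added example (not from the original article or from any product it names) that flags the impersonation signals a gateway can test on every inbound message. The staff names, domains and sample messages are constructed placeholders, and it assumes the receiving gateway stamps an Authentication-Results header.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

PROTECTED_NAMES = {"alex rivera", "jordan lee"}  # assumed: staff likely to be impersonated
TRUSTED_DOMAINS = {"agency.example"}             # assumed: domains the organization sends from

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Alex Rivera" <alex.rivera@agencv.example>\n'
    "Reply-To: party@mailbox.example\n"
    "Authentication-Results: mx.agency.example; spf=pass; dmarc=none\n"
    "Subject: Soiree this weekend?\n\nWould you like to come?\n"
)
GENUINE = (
    "From: Alex Rivera <alex.rivera@agency.example>\n"
    "Authentication-Results: mx.agency.example; dkim=pass; dmarc=pass\n"
    "Subject: Budget review\n\nAgenda attached.\n"
)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def assess(raw_message):
    """Return the list of reasons a message looks like an impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name = " ".join(name.lower().split())
    from_dom = _domain(addr)
    findings = []
    # 1. A protected person's display name on an address outside our domains.
    if name in PROTECTED_NAMES and from_dom not in TRUSTED_DOMAINS:
        findings.append("display-name-impersonation")
    # 2. Sender domain that is almost, but not exactly, a trusted domain.
    for trusted in TRUSTED_DOMAINS:
        if from_dom != trusted and SequenceMatcher(None, from_dom, trusted).ratio() >= 0.85:
            findings.append("lookalike-domain")
    # 3. Replies routed to a different domain than the visible sender.
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # 4. DMARC verdict recorded by the receiving gateway; missing counts as not passing.
    verdict = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""), re.I)
    if verdict is None or verdict.group(1).lower() != "pass":
        findings.append("dmarc-not-pass")
    return findings

if __name__ == "__main__":
    print(assess(SPOOFED), assess(GENUINE))
```

In a real deployment the Authentication-Results header should be trusted only when it was added by the organization's own gateway, which should strip any copy supplied by the sender. A message with one or more findings can be quarantined or tagged with a banner before it reaches the recipient.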