New data released this week carries an urgent, albeit not necessarily unexpected, message: ransomware and phishing attacks continue to spike dramatically, with more frequent and more expensive attacks hitting businesses and government entities of all sizes.
The New York Times reported Sunday (Feb. 9) that a whopping 205,280 businesses had lost access to company files as a result of ransomware attacks last year, an increase of 41 percent from the previous year.
More recently, email cybersecurity firm Vade Secure today announced the release of its own research on the most common mechanism through which cyberattackers carry out their ransomware scams: phishing attacks.
According to Vade Secure’s Phishers’ Favorites Q4 2019 report, attackers continue to impersonate some of the world’s largest brands to trick email recipients into believing their scams, and for corporates, the most common brand used is Microsoft.
Speaking to PYMNTS, Vade Secure Chief Solution Architect Adrien Gendre said the impersonation of Microsoft represents a broader trend (and a threat) to the enterprise: as more businesses embrace digitization and enterprise apps from service providers like Microsoft, their exposure to potential phishing attacks grows.
“Certainly, the more apps and digital services businesses use, the more potential hooks there are for cybercriminals, and the more likely they are to be targeted by phishing,” he said. “We leave clues all over the place — on websites, social media, etc. — as to which services we use.”
He pointed to corporates’ use of a business mail exchange as one source of public information that can be used by phishers to identify which email service a company uses, for example.
B2C Brands’ B2B Risks
Microsoft is a heavyweight in the enterprise app space, but increasingly, big brands that are typically associated with consumer-facing solutions, like PayPal, are introducing B2B solutions, further expanding the attack surface for cybercriminals.
Indeed, Vade Secure’s report found PayPal is the most impersonated brand name among phishers, for the second quarter in a row. Researchers warned, too, that this trend isn’t just a tactic threatening consumers: as PayPal expands its footprint in the B2B space with business payments, small business loans, and other back-office offerings for corporates, the opportunity for phishers to wield the PayPal name to trick business targets will grow, too.
“Brands that previously serviced consumers have expanded into the corporate sector, and vice versa,” said Gendre, noting that he has seen “more and more PayPal, Netflix and Facebook phishing targeting corporate email users.”
This trend was reflected in a recent cybersecurity incident with WhatsApp. While the popular messaging app emerged to target consumers, the company has recently expanded its services for businesses. Last year, analysts warned of a security flaw in the Android version of the app that impacted file sharing on the platform — a vulnerability, experts warned, that could have particularly significant implications for small businesses and freelancers using WhatsApp.
“In one of the most damaging Media File Jacking attacks, a malicious actor can manipulate an invoice sent by a vendor to a customer, to trick the customer into making a payment to an illegitimate account,” warned Symantec in a blog post at the time.
A Proliferating Threat
While phishing attacks are a growing risk to businesses thanks to the deployment of more sophisticated attack methods, corporates’ digitization initiatives are also broadening their chances of becoming a victim. This occurs not only as a result of high-profile technology brands expanding their reach among corporate customers.
As Gendre explained, rising cloud adoption and data integrations between businesses’ growing array of back-office platforms are also adding complexity to their security measures, and expanding the cybersecurity risk. For instance, not only is PayPal introducing new services for B2B payments, invoicing, cash management and more, the company is also supporting integrations with other B2B apps, like Tipalti.
Businesses’ embrace of Microsoft is yet another reflection of this trend.
“It’s the same reason why phishing Office 365 is so much more lucrative than on-premise [Microsoft] Exchange,” he said. “It’s a cloud platform connecting multiple apps and services. Phishing provides a single entry point to that platform, allowing hackers to spread from email to OneDrive, SharePoint, Skype … The more disparate systems are integrated, the bigger the risk from a single cyberattack.”
At the same time, of course, attackers are deploying new tactics. Gendre said there has been a “sharp increase in file sharing phishing,” manipulation of brand logos and the strategy of adding legitimate brand content in their phishing attacks — for instance, adding one phishing link into a mix of several legitimate URLs in an email.
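For mail filtering, the "one phishing link among several legitimate URLs" pattern can be checked by comparing every link in a message against the site most of its links point to. The sketch below is an added example, not from Vade Secure or the report; the function names, the 0.6 share threshold, the two-label domain heuristic and the sample domains are all assumptions made for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site(host):
    """Crude registrable domain: last two labels (assumption, no Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def odd_links(html, min_share=0.6):
    """Return (href, reason) pairs for links that break the mail's dominant link site."""
    parser = LinkCollector()
    parser.feed(html)
    hosted = [(h, t, site(urlsplit(h).hostname or "")) for h, t in parser.links
              if urlsplit(h).scheme in ("http", "https")]
    if not hosted:
        return []
    dominant, count = Counter(s for _, _, s in hosted).most_common(1)[0]
    findings = []
    for href, text, s in hosted:
        if s != dominant and count / len(hosted) >= min_share:
            findings.append((href, f"outlier: {s} among {dominant} links"))
        # Visible text that is itself a URL or hostname on a different site
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if shown and "." in shown and " " not in text and site(shown) != s:
            findings.append((href, f"text shows {site(shown)}, href goes to {s}"))
    return findings

# Constructed sample: four genuine brand links and one look-alike on another site
SAMPLE = """
<a href="https://www.example-brand.com/">Home</a>
<a href="https://help.example-brand.com/privacy">Privacy</a>
<a href="https://www.example-brand.com/terms">Terms</a>
<a href="https://www.example-brand.com/unsubscribe">Unsubscribe</a>
<a href="https://example-brand.com.files-share.example.net/doc">www.example-brand.com/shared</a>
"""
```

A production filter would resolve registrable domains with the Public Suffix List and follow redirects before comparing, since the two-label shortcut misjudges suffixes such as `co.uk`.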
With phishing scams continuing to target corporates’ financial departments, from payroll to accounts payable, Gendre also highlighted the shift from attackers attempting to steal single, large sums from a target, to casting a wider net to steal smaller sums from multiple business targets to remain undetected.
“A request to purchase a few hundred dollars’ worth of gift cards is more likely to not trigger any alarms,” he noted.
The opportunities to infiltrate are widespread for phishers today, and as more businesses adopt high-profile brands like PayPal and Microsoft — and encourage integration between their back-office platforms — the phishing risk will only continue to climb.