LATEST INTELLIGENCE
BEST PRACTICES FOR PROTECTING
AGAINST PHISHING, RANSOMWARE AND
EMAIL FRAUD
S
ecurity teams and the organisations
they support are increasingly the
targets of sophisticated threats
developed by a shadowy and very well
financed cybercrime industry that has
demonstrated it can often outsmart even
the most robust security defences.
Cybercriminals are aided by the fact that
security teams often lack the human and
financial resources necessary to keep pace
and so often cannot defend against the
latest threats that are directed against
them. Add to this the fact that security
teams often support users who unwittingly
aid cybercriminals (or occasionally become
them) through mistakes or intentional acts
that can result in the loss of sensitive data
or corporate funds. Consider what security
teams are up against:
• Cryptocurrency mining on endpoints
increased by 8,500% during 2017 and
•
•
•
•
the trend is accelerating. One vendor
found that the deployment of illicit
cryptomining scripts grew by 725%
during a four-month period ending in
January 2018
The practice of injecting malware into
software updates increased by 200%
during 2017
The number of web application
vulnerabilities increased by 212% in
2017 and more than one half of these
vulnerabilities have a public exploit that
hackers can use
There was a 54% increase in mobile
malware during 2017
In February 2018, there was one phishing
attempt in every 3,331 emails and one
piece of malware for every 645 emails.
That means that in an organisation of 500
email users who receive a median of 100
emails per day, the security infrastructure
will receive 15 phishing attempts and 77
pieces of malware each day
• While the massive ransomware
campaigns we saw in 2015 and 2016
have abated to some extent, we
continue to see targeted ransomware
campaigns focused on specific industries
like healthcare and government,
among others. Moreover, the number
of ransomware variants continues to
increase: one source found a 74%
increase during the 13 months ended
February 2018
• While spam is today less of a problem
than it was several years ago, the one-
year period that ended in March 2018
saw an overall increase in the volume
of spam traversing the Internet, with
enormous spikes occurring in early 2018
• Security teams must deal with all of
these issues in addition to the everyday
problems of rootkits, bootkits, adware,
overwriting viruses, bots, software bugs,
keyloggers, password-stealing Trojans,
backdoors and dumb user mistakes n
Download whitepapers free from www.intelligentcio.com/me/whitepapers/
www.intelligentcio.com
INTELLIGENTCIO
23