Phishing, the main vector of ransomware
September 2020 by
In our last newsletter, referring to the table published by Proofpoint, we divided the departments of an establishment into three categories. In the first category (I) we grouped the 4 departments which, within an establishment, concentrate the most phishing attacks, because an attack against these services would cause the most damage to the establishment and therefore bring the greatest gains to the attacker.
These departments are:
A) Production / Operations (Production losses)
B) Marketing / PR (Company image)
C) Management (Disorganization)
D) Sales (loss of income)
In fact, among the vectors of the social engineering family, phishing is the one hackers use most, because it requires the least effort to achieve the desired result.
But phishing is only one vector. It is a serious threat because it allows attackers to steal the credentials that will let them penetrate the system or even, if the victim does what the attacker wants, to open the door to malware...
It is said that when we face a phishing-type attack, we have time to prepare our defense because we know what the attacker is after.
In fact, this is only true of SPEAR PHISHING, a targeted attack that inevitably indicates which department is being targeted.
But one still has to become aware of the attack before the attacker has had time to install his malware and obtain its results, which is rarely the case.
The only conclusion of this reflection is that one should not wait to be attacked to prepare his defense.
The only remedy against credentials phishing is precaution.
Phishing aimed at obtaining credentials, which is never more than an attempt and is not immediately followed by a second one, can be stopped simply by respecting the golden rule: never give out your password.
Against phishing that requires an action on the part of the victim, a sophisticated firewall is the best solution.
Phishing whose objective is to persuade the victim to perform an action, such as downloading a file or opening a link, can be stopped if the network is protected by a very high quality firewall such as ARCHANGEL. Indeed, when the victim clicks on the link or downloads a file or an application, that file or application must necessarily come from outside and will be filtered by the firewall.
But anyway, these services must be protected, as we explained in our eBook "INDUSTRIAL AND INFORMATION SYSTEM SECURITY".
The best defense is partitioning
But this partitioning must be done not only between departments but also, within the same department, between different sectors of activity, such as the data center, the backup station, the server, the data sharing system...
Thus, for example, for the protection of the Industrial Production / Operations network, we proposed isolating the network by means of a unidirectional firewall which, for the class 1 network, only allows data to leave towards a specific destination (Management & Information) or another industrial network...
Regarding the other departments of Category (I), namely Marketing / PR, Management and Sales, it will be necessary to protect their data center and online file sharing center. We propose to isolate, within the service that hosts them, not only the equipment used to create and manage the data but also the personnel in charge of processing it. They must be isolated from the rest of the equipment and personnel of the department inside the establishment, both in terms of workplace and of network connections.
This space must be protected by its own firewall and each device must be protected by an antivirus.
In addition, this space will not be accessible from the outside, including from the space reserved for the general administration, in the sense that only communications leaving this space will be possible. For this, we recommend using the Archangel OW firewall.
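As an added illustration, not part of the newsletter and not the vendor's product code, the following Python model expresses the two partitioning rules described above as a packet-by-packet policy: the class 1 production zone may only send data one way towards the Management & Information destination and accepts nothing back, and the isolated data space accepts no connection initiated from outside (general administration included) while letting its own outbound connections and their replies through. Zone names, the addressing plan and the sample flows are constructed for this example.

```python
"""Model of the partitioning rules: a one-way production zone and an isolated
data space that only accepts traffic it initiated. All addresses constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (hypothetical, one /24 per zone).
ZONES = {
    "production_class1": ip_network("10.1.0.0/24"),
    "management_info": ip_network("10.2.0.0/24"),
    "isolated_data_space": ip_network("10.3.0.0/24"),
    "general_admin": ip_network("10.4.0.0/24"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    new: bool  # True for the first packet of a connection, False for a reply


def zone_of(addr: str) -> str:
    """Map an address to its zone name, or 'external' if it is in no zone."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "external"


def evaluate(flow: Flow, established: set) -> str:
    """Return 'allow' or 'deny' for one packet.

    `established` records (isolated host, peer, peer port) for connections
    opened from inside the isolated data space; it is updated in place."""
    src, dst = zone_of(flow.src), zone_of(flow.dst)

    # Rule 1: class 1 production sits behind a unidirectional firewall.
    # Nothing enters, not even replies; only data towards management_info leaves.
    if dst == "production_class1":
        return "deny"
    if src == "production_class1":
        return "allow" if dst == "management_info" else "deny"

    # Rule 2: isolated data space. Connections initiated from outside are
    # denied regardless of origin; replies are accepted only for connections
    # the isolated host opened itself.
    if dst == "isolated_data_space":
        if flow.new:
            return "deny"
        key = (flow.dst, flow.src, flow.sport)
        return "allow" if key in established else "deny"
    if src == "isolated_data_space" and flow.new:
        established.add((flow.src, flow.dst, flow.dport))
        return "allow"

    # Traffic between other zones is outside the scope of these two rules.
    return "allow"


def run_demo() -> list:
    """Evaluate a constructed sequence of packets and return the decisions."""
    established = set()
    packets = [
        Flow("10.1.0.5", "10.2.0.10", 40000, 514, True),    # production -> mgmt: one-way data
        Flow("10.1.0.5", "10.4.0.10", 40001, 445, True),    # production -> admin: wrong destination
        Flow("10.2.0.10", "10.1.0.5", 40002, 22, True),     # mgmt -> production: inbound forbidden
        Flow("10.4.0.10", "10.3.0.7", 40003, 445, True),    # admin -> isolated space: forbidden
        Flow("10.3.0.7", "203.0.113.10", 40004, 443, True), # isolated host opens outbound session
        Flow("203.0.113.10", "10.3.0.7", 443, 40004, False),# reply to that session
        Flow("203.0.113.10", "10.3.0.7", 40005, 443, True), # outside initiates towards isolated host
        Flow("203.0.113.10", "10.3.0.9", 443, 40006, False),# 'reply' with no matching session
    ]
    return [evaluate(p, established) for p in packets]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The last packet is the case worth noticing: a packet that merely looks like a reply is still refused when the isolated host never opened the connection, which is what distinguishes a stateful "outbound only" rule from a naive port-based filter.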
For the other categories, (II) Espionage (R&D / Engineering and Legal), where phishing is used not as a ransomware vector but to deliver malware designed to steal data, and (III) the other departments, we recommend reading our eBook and, in addition, applying the compartmentalization just described above.