14 May 2017
Over the past few days WannaCry has been making the headlines. I found a really well-written post on Binary Defense which explains the basics of the initial infection as well as the propagation method.
WannaCry does not use any highly sophisticated methods for delivery. It first uses a password-protected zip file, which has a document inside.
When the document is packaged this way, anti-malware solutions cannot scan the attachment because they can't enter the password needed to open it, even though the password is stated in the email body. Even APT (Advanced Persistent Threat) solutions may fail if they are not properly configured.
If your Anti-Phishing Awareness Training was successful, the chance of an infection is small.
In addition, it makes sense to block incoming mails with zip files that cannot be inspected by the anti-malware solution. Don't deliver them to the users' junk mail folder; block them on the mail gateway.
This gives you the time to apply patch MS17-010 if you have not yet done so, or to isolate the affected systems from the network if patching is not possible, e.g. in GxP-controlled environments.
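A sketch of the gateway check described above, added here as an example (it is not from the original post or from Binary Defense): it walks the MIME parts of a message, recognises ZIP archives by content, and returns a block verdict when any entry carries the ZIP encryption flag. The function names, the example.com addresses and the constructed test mail are assumptions for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted


def has_encrypted_zip(raw_message: bytes) -> bool:
    """True if any MIME part is a ZIP archive the scanner cannot open."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        # Identify archives by content, not by file name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(i.flag_bits & ENCRYPTED for i in zf.infolist()):
                    return True
        except zipfile.BadZipFile:
            return True  # an unparseable archive is also uninspectable
    return False


def gateway_verdict(raw_message: bytes) -> str:
    """Reject at the gateway instead of delivering to the junk folder."""
    return "block" if has_encrypted_zip(raw_message) else "deliver"


def sample_mail(encrypted: bool) -> bytes:
    """Constructed test mail with a ZIP attachment (harmless content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", "constructed sample, not a real document")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption flag in the central directory header
        # (2-byte flag field at offset 8 after the PK\x01\x02 signature).
        blob[blob.index(b"PK\x01\x02") + 8] |= ENCRYPTED
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("The password for the attachment is 1234.")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `gateway_verdict(sample_mail(encrypted=True))` returns `"block"`, while the same mail with an unencrypted archive is passed on for normal content scanning.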
3 December 2016
Whaling is a type of cyber fraud that mainly targets corporate executives. It is very closely related to phishing, and thus not new. For a superb collection of examples see this slide show published on CIO.com.
As always, the combination of People, Process and Technology measures (PPT approach) is the best way to combat whaling:
People. The most effective way to deal with whaling is security awareness training. Include some whaling attacks in your anti-phishing training to raise awareness.
Processes. Enhance your information handling policy (IHP) or office manual. Add rules for the compliant handling of business requests by email:
- Users should never act on a business request from a company executive if the email is not signed with a company-owned and valid email certificate.
- Never trust an email from a business partner when it is not signed with the partner's valid email certificate.
Communicate the IHP to all users and train them in the use and handling of email certificates.
Technology. Configure your email system such that all mails to external partners and at least all emails from company executives are signed with a valid email certificate.
With this, the risk of becoming the victim of a whaling attack is greatly reduced.
Have a good weekend.