Cyberattacks have become more pervasive globally, evolving quickly in sophistication and scale, and are now more lucrative than ever for cybercriminals.  Not only has The Everywhere Workplace extended the cyber risk and threat landscape—especially for data privacy and its protection—but a lot of Agile software developers, many of whom lack any DevSecOps process, are publishing untested or poorly tested software that can be exploited as zero-days by criminal gangs.   

The most common techniques used by cybercriminals have remained constant over the past several years, with phishing and ransomware continuing to occupy two of the top three spots. According to the Verizon 2021 Data Breach Investigations Report, phishing held the top spot as the data breach tactic used most often, jumping from 25% of all data breaches in 2020 to 36% in 2021.  Ransomware, on the other hand, was responsible for most data breaches caused by malware. 

Worse yet, these types of attacks continue to evolve and now include the use of machine learning and artificial intelligence (AI), automation, chaining of exploits against known and zero-day vulnerabilities, zero-click exploit kits developed by the NSO Group, fileless malware and the adoption of the “as-a-service” business model. These evolutions help cybercriminals stay one step ahead of their targets.

What is phishing? 

Phishing is a social engineering tactic that uses deception to steal an end user’s credentials and other personal information. The most common phishing delivery tactics are email and attachments, text and multimedia messages, telephone and malicious advertisement networks. These tools persuade the end user to tap on a hyperlink that leads to a specially crafted counterfeit site or internet domain. End users are easily coaxed into divulging their precious personal information by attention-grabbing headlines and authentic-looking, obfuscated or shortened hyperlinks. And when the end user lands on the site, a malicious exploit kit or keylogger can be downloaded onto the device or desktop without the user's knowledge to steal personal information, including credentials or credit card numbers, which attackers can then use to compromise devices and steal more high-value information.

Phishing continues to be the most common type of cybercrime today, and as remote and hybrid work become the norm, companies and employees have become more relaxed with their cybersecurity hygiene. It is human nature.

Types of phishing techniques:

  • Phishing-as-a-service is a business model that packages the most effective phishing tools and is sold as a commodity to anyone willing to pay. 
  • Cloning duplicates legitimate business emails and websites to deceive targets into clicking a hyperlink that has been replaced with a link to a malicious site.
  • Deep fake employs artificial intelligence (AI) to propagate deceptive information or influence end users by manipulating an individual’s spoken words, mannerisms and expressions originally recorded as audio or video.  
  • Emails and attachments can be crafted that look legitimate but trick an individual into clicking a hyperlink where they unknowingly disclose personal information or credentials.  
  • Pharming employs authentic-looking hyperlinks in phishing emails that redirect end users from a specific, legitimate site to a malicious one by changing the Domain Name System (DNS) table in the host web server.  
  • Smishing (SMS phishing) leverages text communication that uses link shorteners to conceal malicious links within a text message. 
  • Spear phishing usually targets administrative-level individuals or groups with a personalized pretext, aiming for greater success by stealing credentials that carry greater permissions to access more sensitive company data.
  • Vishing or voice phishing uses traditional telephone voice communication to trick victims into revealing sensitive information or sending money to the cybercriminal.  
  • Whaling deceives C-suite executives by enticing them to click a hyperlink or attachment that installs an exploit kit or malware on their device to steal sensitive company or personal information. 
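
An added example (not from the original article) of screening an HTML message body for two of the lures listed above: a hyperlink whose visible text names one site while its target is another, as in cloning, and a link hidden behind a shortener, as in smishing. The shortener list, the sample message and the reserved `.test`/`.example` hostnames are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, illustrative shortener hosts; maintain the real list from your own mail telemetry.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Hostname (lower-case, leading "www." dropped) if text looks like a URL or bare domain.
def host_of(text):
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    try:
        host = (urlsplit(text if "://" in text else "http://" + text).hostname or "").lower()
    except ValueError:  # e.g. a malformed bracketed IPv6 literal
        return None
    return (host[4:] if host.startswith("www.") else host) or None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        target, shown = host_of(self.href), host_of("".join(self.text))
        reasons = ["shortener"] if target in SHORTENERS else []
        # Simplification: same host or a subdomain counts as a match (no Public Suffix List).
        if shown and target and target != shown and not target.endswith("." + shown):
            reasons.append("text-href-mismatch")
        if reasons:
            self.findings.append((self.href, reasons))
        self.href = None

def audit(html_body):
    parser = LinkAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed sample message body, not taken from a real campaign.
SAMPLE = """<a href="http://login.examplebank.test.evil.example/auth">www.examplebank.test/login</a>
<a href="https://bit.ly/3abcXYZ">https://bit.ly/3abcXYZ</a>
<a href="https://portal.examplebank.test/">examplebank.test</a>"""
```

`audit(SAMPLE)` flags the first two links and passes the third, whose target is a subdomain of the site its text displays.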

What is ransomware? 

Ransomware is malware whose sole purpose is to extort money from the end user. Once the end user’s credentials are known via a phishing attack, cybercriminals can grab additional valuable data on the user’s mobile device or laptop, then escape the device and move laterally onto connected networks in search of additional valuable data to steal. Cybercriminals can then block access to critical information, often by encrypting the data, before sending out a ransom note and expecting payment in untraceable cryptocurrencies like Bitcoin or Monero. If the data is extremely sensitive, ransomware gangs can “double extort” their victims by threatening to reveal the information to the public unless an additional ransom is paid.

Ransomware is also spread through trojans, spam email with malicious attachments, fake software update tools, and third-party software app stores and distribution sources that push apps and tools containing malware, spyware or exploit kits.

2021 was a record-setting year for data breaches and ransomware. Successful high-profile ransomware attacks were executed against CNA Financial Corporation in March, Colonial Pipeline in late April, Acer computer manufacturing in May, and, also in May, one of the largest meat packing companies, JBS Foods. Another was Kaseya VSA (Virtual System Administrator) in July, although no ransom was ever paid, as the Federal Bureau of Investigation (FBI) was able to obtain the decryption keys from the servers of the ransomware gang to restore the information technology (IT) infrastructure of Kaseya's clients.

Combating phishing and ransomware 

Cybercriminal gangs have become more sophisticated and well-funded with a potent set of attack tools and tactics at their disposal.  It feels like a constant perfect storm keeps hitting the internet, and some organizations believe that a life preserver is sufficient to withstand this Category 5 hurricane.  

In the Everywhere Workplace, to have a fighting chance to protect your precious data, it is imperative to place as many robust impediments as possible in the path of these cybercriminals. Ivanti develops cybersecurity solutions to discover, manage, and secure your data found in mobile devices, desktops, servers, applications, networks and cloud stores and protect it from being compromised. 
