WCRC Director, Detective Superintendent Paul Peters, talks through why this cyber threat is on the rise across the region.
Over recent weeks I have spoken to cyber security firms and members of the Cyber Resilience Centre for Wales, and there is a definite sense that spear phishing emails are on the increase. We often speak about the importance of recognising phishing emails, but when criminals use spear phishing techniques they are targeting your business specifically.
Phishing is often a mass-distributed attack, with the hacker hoping that someone they have targeted uses the bank they are pretending to be from, has just made a purchase at that online retailer, or is simply having a bad day and opens the bogus email. Once the recipient has clicked, the hacker moves to the next stage of the attack, whether that is downloading malware or directing the victim to a fake website to harvest log-on details.
With a spear phishing attack, by contrast, the phisher is deliberately attacking a specific person or role within the organisation. They have spent time crafting an email containing information that makes it appear genuine, perhaps even appearing to have been sent from a known person within that organisation. The hacker has likely used publicly available information, often from social media, to make the email look authentic.
As these attacks increase, improvements are also being made to the way these crimes can be reported, for example within Microsoft 365. The National Cyber Security Centre (NCSC) has released a reporting tool which can be added to business Microsoft 365 accounts. Once added, the tool appears as a new button that employees can click to report phishing emails or potential scams to the NCSC, as well as informing your own IT team, so that everyone is alerted to the threat.
The National Cyber Security Centre also provides advice on how to avoid being caught out by this kind of scam. It recommends that you consider what sort of information you are sharing online, and whether it could be used to craft a spear phishing email. Review who has access to your organisation's most valuable information and allow that access only on a need-to-know basis. By managing access privileges, you reduce the number of targets a hacker can launch a spear phishing attack against.
It is also worth remembering that the hacker who crafts the spear phishing email will have a specific goal. It might be to induce a fraudulent transfer of funds or to gain access to an administrator account. Working out that goal will give you an idea of who is most at risk and which processes the hacker will need to copy or bypass to achieve it.
Once you have done this, revisit your processes and see what additional measures you can put in place. A simple example is a policy whereby, if a supplier requests a change of bank account details, the details are not changed until the written instructions have been confirmed verbally. The key is to have multiple layers of defence to prevent the hacker succeeding.
If you are the recipient of a phishing email, report it to the Suspicious Email Reporting Service (SERS), which is run by the NCSC. Simply forward the email to firstname.lastname@example.org. The SERS analyses the emails and, where they contain links to malicious sites, will seek to have those sites removed from the internet to prevent the harm from spreading.
The Cyber Resilience Centre for Wales offers free membership, which will keep you informed of current threats and the simple steps you can take to reduce your vulnerability to an attack. By becoming a member, you will have the opportunity to speak to one of the team about your own cyber security concerns.