Tip Tuesday: How to avoid the new impersonation attacks

Posted by Lauren Beliveau on Feb 6, 2018 8:12:00 AM

shutterstock_449626876.jpgThe adoption of web-based applications in small and medium-sized businesses has increased tremendously over the past few years, so it’s no surprise that web application attacks continue to grow. In the 2017 Verizon Data Breach Investigations Report, web application attacks were the number-one cause of data breaches. More and more SMBs are moving their day-to-day operations to applications like Google Docs, Outlook, and DocuSign, leaving them vulnerable to some of today’s sophisticated cyber-attacks.

In a recent Threat Spotlight Asaf Cidon, VP of content security services at Barracuda Networks, outlined this new pattern of cyber-attacks that prey on users’ trust in their current web applications. Here is the advice that he had to share:

“Even if an organization has traditional email security technologies enabled, there will be nothing preventing the user from providing their credentials to the cunning cybercriminal. The best hope to stop these attacks is artificial intelligence for real-time spear phishing protection like Barracuda Sentinel in addition to regular training to raise awareness of evolving and new threats.”

Cybercriminals can be cunning and will often look for multiple ways to exploit sensitive information. To read more of Asaf’s advice, check out the Threat Spotlight on the Barracuda blog.

3 Things SMBs can do to avoid falling victim to this attack

The Google Docs, Outlook, and DocuSign attacks have been showing up in emails and tricking trusting users into entering their credentials on a fake sign-in page, which steals their credentials and uses them to launch spear-phishing attacks.

Barracuda Email Threat Scan

Asaf explains that this attack has been so successful because it uses a zero-day link, which means a unique link is used in each email so it won’t ever show up on security blacklists. The link also leads to a legitimate website where the cybercriminal has inserted a sign-in page, so the domain and IP registration appear legitimate.

Due to the nature of this attack, it can be tricky to educate your SMB customers about it. Here are three things you can teach your SMB customers to help mitigate this cunning attack:

1. Encourage users not to click on email links. Instead of having users click on the links in their email, encourage them to go directly to the site. For example, suggest that they navigate directly to GoogleDocs instead clicking on the “secured document link” in their inbox. While it might take a few extra minutes to navigate to the document they want, it will ultimately save them from surrendering their password credentials to hackers.

2. Teach your SMB customers about the nature of the attack. Now that you know cybercriminals are trying to impersonate Google Docs, Outlook, and DocuSign, warn customers to be weary of emails coming from these sources—and remind them to be careful when they are prompted to log in. For sharable examples of emails used in this type of attack, check out the Threat Spotlight here.

3. Introduce solutions to mitigate these risks. One solution that Barracuda MSP now offers, is Barracuda Sentinel, this email security solution can automatically detect and quarantine these emails before they reach users’ inboxes. This next level of protection can help give you and your SMB customers’ peace of mind, knowing that their credentials will stay safe. To find out more about this product, please contact us here.

When it comes to email security, the best defense is informed users. Routinely educate your SMB users on industry best practices to safeguard them against sophisticated threats like this.

email security-CTA

Photo:  Mc Satori / Shutterstock. 

Topics: Tip Tuesday

Ready Set Managed
Cyber security risk assessment
MSP Phishing Quiz
Intronis Local Lunches
MSP Marketing Assessment