Avoid sophisticated phishing attacks by slowing down, getting trained, says FortiGuard Labs
BY MARK ALBERTSON
Ransomware attacks are a huge issue today, and one of the reasons is that malicious actors are finding a way through security defenses to penetrate systems. In most cases, the way they are getting in is through a successful phishing attempt.
Cybersecurity researchers at FortiGuard Labs have seen a noticeable uptick in the sophistication of phishing attacks, a troubling development given the recent impact of ransomware exploits on energy supplies and basic commerce.
“Every attack seen in the last 16 months usually has a phishing component, and over the last couple of weeks we’ve seen some really sophisticated attacks,” said Aamir Lakhani (pictured), cybersecurity researcher and practitioner at FortiGuard Labs. “These are attacks against industrial control systems, against critical infrastructure, against large corporations and government entities. Attackers are going back to the well and making it more effective and more sophisticated than it ever used to be.”
Lakhani spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed techniques used by bad actors to breach systems and what users can do to protect themselves and their organizations. (* Disclosure below.)
Targeting HR functions
One of the ways the attacks have become more sophisticated is by playing on the emotion and speed of the user. Many people are conditioned to multitask by using different platforms and technologies, moving through multiple websites and clicking on links throughout the day in an online blur.
Couple that with a post-pandemic world in which either many people are looking for jobs or businesses are looking to staff up again with some urgency, and the situation is ripe for mistakes.
“Now they are actually targeting organizations and what you do as a job,” Lakhani said. “I’ve seen phishing attacks against Human Resource departments. ‘I want to apply for a cybersecurity position and, by the way, my resume is encrypted so please click on this link to see a secure version.’ In reality, when they click on that button, it’s attacking their machine and getting into their organization.”
To protect against this tidal wave of phishing attempts, Lakhani advises that people slow down the pace and check links more carefully. Up-to-date security tools and training in what to look for can be an asset as well. Fortinet makes over 30 of its self-paced courses available for free and plans to continue this beyond 2021.
“The thing we can do to protect ourselves is to slow down,” Lakhani advised. “Make sure your security products are up to date, make sure they are installed, and make sure your patches are current. Training opens up your eyes to understand it’s more than about emails; it’s about every way we can use technology.”
Aamir Lakhani, FortiGuard Labs | CUBE Conversation, July 2021