What MSPs need to know about spear phishing

These complex email attacks are a growing threat to your clients.

By Chris Crellin, Senior Director of Product Management, Barracuda MSP


Email remains the key entryway for most cyber-attacks, despite decades of work to secure corporate email systems. There has been a significant shift from volumetric attacks to more targeted schemes by organized groups using social engineering methods. These spear-phishing attacks are much more complex and challenging to detect using traditional email security solutions. 

According to the recent Spear Phishing: Top Threats and Trends report from Barracuda: “Old methodologies of email protection that relied on rules, policies, allow or block lists, signatures and other attributes of traditional email security are no longer effective against the growing threat of socially engineered attacks.”

These attacks are increasing in frequency. According to the report, the average company is targeted by more than 700 social engineering attacks each year. One in five business email compromise (BEC) attacks targets employees in sales roles, and 77 percent target employees outside of finance and the executive suite. In addition, IT staff receive an average of 40 targeted phishing attacks annually.

Spear Phishing Basics

These types of attacks take a few common forms, such as BEC, spoofing, and impersonation. Additionally, the incidents are highly targeted and well researched, so that cybercriminals can approach specific employees with customized messaging. 

Unlike malware attacks, these scams use social engineering to trick employees into giving up credentials, providing access to corporate data, or even transferring funds. As noted above, the attacks target a wide range of employees, both inside and outside of finance and sales. With BEC attacks, criminals gain access to one or more accounts and then use those accounts to launch additional attacks from within the organization, where the messages arrive from a trusted, legitimate sender.

That makes these attacks difficult to train for and to protect against. According to the Barracuda survey, many organizations focus their training on perceived high-value targets like the executive and finance teams. But according to the research, 77 percent of BEC attacks were targeted at other departments, and these are the weak links that need strengthening. For example, traditional phishing schemes that directed victims to spoofed websites were more common among the emails targeted at IT staff, who were rarely the target of BEC attacks designed for a direct financial payoff.

In other words, criminals are crafting these attacks for different employees based on their likelihood of success.

That means MSPs interested in helping their clients avoid these costly attacks should provide an expanded level of training (including phishing simulation) that helps all staff members recognize phishing emails. Additionally, security solutions that leverage artificial intelligence to analyze email patterns can help stop these attacks before they spread. For example, AI-based solutions can be trained to spot anomalies among email traffic, which can help more quickly identify BEC attacks.

Cryptocurrency and Phishing

Another trend identified in the Barracuda report was an increase in cryptocurrency-related attacks by a whopping 192 percent in the past year. While digital currency like Bitcoin is often used to collect payment in ransomware attacks, the rapid increase in the value of cryptocurrency created an opportunity for new types of fraud. Attackers are impersonating digital wallets and other cryptocurrency applications to steal credentials via phishing and BEC attacks.

Best Practices

The Barracuda report identified several best practices to follow to help MSPs protect clients against these attacks. 

Invest in modern security solutions. As mentioned above, AI-based solutions provide a way to quickly spot attacks that firewalls, block lists, and human monitoring would otherwise miss.

Leverage automation. Automated detection and remediation solutions such as Barracuda Forensics and Incident Response (FIR) can mitigate damage from email attacks before it becomes a critical issue and also help prevent future attacks.

Provide account takeover protection. AI solutions can also recognize compromised accounts in real time, alert users, and remove malicious emails sent from those accounts. 

Utilize DMARC authentication. DMARC builds on SPF and DKIM: the domain owner publishes a policy (none, quarantine or reject) stating how receivers should treat mail that fails authentication, and the aggregate reports receivers send back expose domain spoofing and brand hijacking attempts. A policy of p=none only monitors; spoofed mail is not blocked until the policy is moved to quarantine or reject.
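To make the DMARC point concrete, the following is an added example written for this page, not code from Barracuda or from the report. It implements the receiver-side DMARC decision: parse the published policy, check whether the SPF or DKIM authenticated domain aligns with the RFC5322.From domain, and return the disposition. The domains example.com and example.org, their DMARC records and the message authentication results are all constructed for illustration; the organizational-domain check is a deliberate simplification of the Public Suffix List lookup real implementations use.

```python
"""Receiver-side DMARC evaluation (added example; not production code)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed _dmarc TXT records for two hypothetical domains (no DNS lookups).
# example.com enforces (p=reject, strict alignment); example.org only monitors (p=none).
DMARC_RECORDS: Dict[str, str] = {
    "example.com": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com",
    "example.org": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse a DMARC TXT record into tag/value pairs, applying the defaults
    from RFC 7489 (relaxed alignment for both DKIM and SPF)."""
    tags: Dict[str, str] = {"adkim": "r", "aspf": "r"}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"invalid DMARC record: {record!r}")
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.
    Simplification: real receivers consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict alignment requires an exact match; relaxed allows subdomains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResults:
    """What SPF and DKIM verification already established for one message."""
    header_from: str                 # domain of the RFC5322.From header
    spf_domain: Optional[str]        # domain SPF passed for (MAIL FROM), None if SPF failed
    dkim_domains: Tuple[str, ...]    # d= values of DKIM signatures that verified


def evaluate_dmarc(msg: AuthResults, records: Dict[str, str] = DMARC_RECORDS) -> str:
    """Return 'pass' if an aligned identifier authenticated, otherwise the
    disposition the From domain's policy requests ('none', 'quarantine', 'reject')."""
    from_dom = msg.header_from.lower()
    record = records.get(from_dom) or records.get(org_domain(from_dom))
    if record is None:
        return "none"  # no policy published: receiver has nothing to enforce
    policy = parse_dmarc(record)
    spf_ok = msg.spf_domain is not None and aligned(msg.spf_domain, from_dom, policy["aspf"])
    dkim_ok = any(aligned(d, from_dom, policy["adkim"]) for d in msg.dkim_domains)
    return "pass" if (spf_ok or dkim_ok) else policy["p"]


if __name__ == "__main__":
    # Constructed scenarios: a legitimate message, a spoofed From on an enforcing
    # domain, the same spoof against a monitor-only domain, and a legitimate
    # subdomain sender tripped up by strict SPF alignment.
    cases = {
        "legitimate example.com": AuthResults("example.com", "example.com", ("example.com",)),
        "spoofed example.com": AuthResults("example.com", "attacker.net", ("attacker.net",)),
        "spoofed example.org": AuthResults("example.org", "attacker.net", ()),
        "mail.example.com, strict SPF": AuthResults("example.com", "mail.example.com", ()),
    }
    for name, result in cases.items():
        print(f"{name}: {evaluate_dmarc(result)}")
```

The second and third cases show why the policy tag matters: the attacker's own domain passes SPF and DKIM, but because neither identifier aligns with the spoofed From header the message fails DMARC, and only the domain publishing p=reject actually has it blocked. The last case is the caveat MSPs run into when moving clients to enforcement: strict alignment (aspf=s) rejects mail from a legitimate subdomain unless DKIM signs with the exact From domain, so rollout should start at p=none, read the aggregate reports, and tighten from there.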

Boost training efforts. MSPs should offer robust training programs for their clients and staff to build awareness around current threats and provide guidance on reporting suspicious activity. In addition, simulations can help identify employees and departments that might be particularly vulnerable, so that additional resources can be optimally deployed. 

Help clients develop robust security policies. If companies establish policies for the sharing of sensitive data and transfer of funds that require multiple levels of approval and accountability, most of these types of spear-phishing attacks can be stopped before there is a breach or financial loss.

By helping clients leverage training and technology to identify and stop spear phishing attacks, MSPs can keep their networks and applications safe, while establishing themselves as trusted partners in the fight against cybercrime.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.