According to a 2017 SANS report,[3] nearly all phishing attacks begin with an innocent click on an email attachment prompted by curiosity about its contents. Fear and urgency reinforce that curiosity; all three are emotional responses to the pressure people feel to stay on top of their work. Clever attackers exploit these emotions by using familiar means of contact to maximize the chance their mark will click on the email. Ground-zero targets unleash a maelstrom of chaos and destruction, revealing critical financial, business, security and other high-value data to the infiltrator. The damage from global ransomware attacks alone in 2017 amounted to more than $5B, much of it coming not from the direct attack but from the downtime spent restoring stolen or destroyed data and computer access. [4]

Many employees working from dispersed locations, a phishing email that cleverly emulates the work context and provides easy one-click access to its contents, and the emotional triggers of curiosity, fear, and urgency coalesce to produce an environmental triumvirate that favors success for the attacker. [5] How can corporations protect themselves? A potent antidote to the attack is almost astonishingly quick and easy: education of the users of the system. Most US companies agree that end-user training is an important component of maintaining network security and minimizing attack risk, especially the risk of ransomware events. [6]

Why Phish Transportation Companies?

Why do hackers choose the victims they do? One obvious reason is money, but corporate size and its method of communication also play an important role in determining whom predators will attempt to take down. Transportation companies offer a compelling target because of their large and often dispersed workforce, and the opportunity for rich rewards if the phishing proves successful. [7]

How are Transportation Companies Phished?

Attackers shifted the focus of their attacks away from vulnerable software in 2015 to aggressive email campaigns focused on “the human factor” in 2016. [8] Mobile devices, a key communication tool in transportation, were also exploited. Attackers use multiple tactics to make their emails easy to open and process. The email may require just one click to release the malware. The email may take the user to a landing page that looks credible, encouraging the employee to enter potentially sensitive information into a fake page. The email may contain an attachment and, because the message is persuasive and well written, the employee clicks on the attachment and the attacker is in the system. Alternatively, attackers send out two emails. The first one contains nothing, but it establishes a link with the employee. The second email contains the malware. Since trust was built by the first email, opening the second one makes for easy “phishing.” Finally, a highly personalized message, containing known, public details about the target, may be sent. Even though these so-called ‘socially engineered’ attacks are sent out to potentially thousands of targets, sophisticated messaging allows personal details to be included, lending the email legitimacy and encouraging the recipient to open and respond to its contents. The personal touch that encourages the user to open and act, though, also contains the seeds of response and potential defense.

Stats and Examples of Phishing in the Transportation Industry

In 2016, the San Francisco light rail company was phished and hit, their data files stolen. The infiltrators demanded $70,000 ransom and were refused. San Francisco had backup files and did not fall prey to the scheme. Most companies pay the ransom, but to no avail. Even though 40% of ransomware victims pay their attackers, only one in five of those that do meet ransom demands gets their files back. [9] That same year Locky ransomware infected more than 400,000 systems while the WanaCrypt0r attack affected hundreds of thousands of computers worldwide. It is not all bad news. In September 2017, H&M International Transportation successfully intercepted and spoiled an infiltration attempt targeting a senior executive in the company, a method known as whale phishing, named for the size of the target. [10]

Steps for Preventing Phishing in Transportation (Training, Testing & Reporting)

Phishing attacks are not only growing in number but are also becoming more sophisticated. [11] Experts estimate that 1.385 million unique phishing sites are created each month. Education of the end user is key to halting phishing. Teaching employees to notice spelling errors, the urgency of the message, or a URL that is close, but not quite identical, to the company URL gives them three ways to detect and intercept a potential phishing attempt before it gets into the network. Experts also recommend that phishing drills be conducted, so employees have a chance to apply identification and reporting skills. [12] Another way to help stop phishing is to encourage employees not to share personal information on social media sites such as Facebook. Phishing criminals use publicly available information in their emails to give the communication credibility. Passwords should be checked, updated and changed at regular intervals.

Finally, although it may appear counter-intuitive, automated processes with built-in security checks should be implemented where possible. A machine does not fall prey to human coercion no matter how well engineered the communication may be.
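The check for a URL that is "close, but not quite identical" to the company URL is one that can be automated. The sketch below is an added example, not part of the original article; the domain `acme-freight.example`, the sample message and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the company's real domain (constructed for this example).
TRUSTED = {"acme-freight.example"}
# Character swaps commonly used to imitate a name, folded before comparing.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def fold(s):
    return s.translate(FOLD).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Naive registrable domain (last two labels); production code
    should consult the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])

def classify(url, trusted=TRUSTED, max_dist=2):
    """Return 'trusted', 'lookalike' or 'other' for one URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    dom = base_domain(host)
    if dom in trusted:
        return "trusted"
    for good in trusted:
        near = edit_distance(fold(dom), fold(good)) <= max_dist
        embedded = good.split(".")[0] in host  # company name used as a subdomain label
        if near or embedded:
            return "lookalike"
    return "other"

def scan_email(body):
    """Map every URL found in an email body to its verdict."""
    return {u: classify(u) for u in URL_RE.findall(body)}

# Constructed sample message.
SAMPLE = """Your shipment manifest is ready: http://acme-frieght.example/login
Driver portal: https://portal.acme-freight.example/schedule
Invoice copy: https://acme-freight.example.secure-docs.test/inv
Forecast: https://www.weather.example/today"""
```

A mail gateway or reporting tool could quarantine or banner any message where `scan_email` returns a `lookalike` verdict, leaving `other` links to existing reputation checks.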


[1] In a survey conducted by Osterman Research, Inc., of USA-based CIOs, IT managers, IT directors, CISOs and other similar respondents, more than half describe ransomware, one form of phishing attack, as an issue of “concern” or “extreme concern” and nearly that many have been the victim of such an attack; nearly 80% have endured a cyberattack; 68.4% have had mid-level and higher executives targeted, 25% of the senior executives and from the C-suite. Osterman Research, Inc. 2016. State of Ransomware 2016: Understanding the Depth of the Ransomware Problem in the United States. Downloaded 8 January 2018 from https://www.scribd.com/document/320027570/Malwarebytes

[2] IBID. Only 4% of survey respondents said they felt “very confident” to stop ransomware attacks.

[3] 74% of the respondents to this survey agreed that clicking an email attachment was the primary way threats gained access to their network; 48% reported web drive-by or download. Neely, Lee. August 2017. 2017 Threat Landscape Survey: Users on the Front Line, A SANS Survey. Downloaded 8 January 2018 from https://www.sans.org/reading-room/whitepapers/threats/2017-threat-landscape-survey-users-front-line-37910

[4] Crowe, Jonathan. June 2017. Must-Know Ransomware Statistics 2017. Downloaded 8 January 2018 from https://blog.barkly.com/ransomware-statistics-2017

[5] IBID, pg. 3.

[6] IBID. Osterman Research.

[7] IBID. Jonathan Crowe.

[8] By December 2016, research noted that 99% of email attacks depended on the recipient to click on an attachment that enabled the attack. Alternatively, the user was directed to a seemingly legitimate URL to enter their names, passwords, and potentially other sensitive information that could allow attackers in to their system. Proofpoint. 2017. The Human Factor 2017: how today’s threats prey on the human factor. Downloaded 11 January 2018 from https://www.proofpoint.com/us/resources/white-papers/human-factor-report.

[9] IBID. Osterman Research, Inc.

[10] Darktrace. Wednesday, 20 September 2017. Darktrace Detects and Mitigates Phishing Attempt in Leading Transportation Company. Downloaded 8 January 2018 from https://www.darktrace.com/press/2017/196/

[11] Webroot Smarter Security. September 2017. Quarterly Threat Trends. Downloaded 8 January 2018 from https://s3-us-west-1.amazonaws.com/webroot-cms-cdn/8415/0585/3084/Webroot_Quarterly_Threat_Trends_September_2017.pdf

[12] European Union Agency for Network and Information Security. 12 October 2017. Phishing on the Rise. Downloaded 8 January 2018 from https://www.enisa.europa.eu/publications/info-notes/phishing-on-the-rise