Advanced phishing

How cybercriminals work together to take down your organisation

by Egress
Published on 14th Jul 2021


Ransomware gangs such as REvil are creating global headlines with their ongoing attacks. Recently, chemotherapy treatments in Vermont were delayed, meat plants were temporarily shut down across the United States, and an attack on the company that owned the Colonial Pipeline set off a panic up and down the East Coast spurring a real-life fuel shortage.

Cybercriminals can be dangerous when they work as lone wolves – and even more so when they collaborate as part of a wider network. Unfortunately, that’s exactly what’s happening. Criminals are working together in order to share intelligence, create new hacking software, and evade security defences.

Cybercrime ‘as-a-service’

Cybercrime is big business. If it were measured as a country, then it would be the world’s third-largest economy after the U.S. and China. Cybercrime is predicted to inflict damages totalling $6 trillion USD globally in 2021 and is making headlines on a regular basis.

These hackers are no longer the sinister individual alone behind a screen, they are a complicated online network that distributes, shares, and sells data and tools on the dark web. They operate in a similar way to a business does – they’re assessing their marketplace, competitors, and doing SWOT analyses to create a pipeline of features for their hacking tools.

As their organisation increases, so does the sophistication and success rate of their attacks. And the payload that’s making headlines and keeping business up at night (with good reason) is ransomware.

Rising tide of ransomware

Ransomware is a rapidly growing problem, and criminals are increasingly turning to others within the hacker community to buy access into corporate networks. A successful ransomware attack can be highly lucrative for a criminal gang, so it’s no surprise how popular they are.

It works like any other online marketplace (albeit on the dark web) – where vendors can advertise and sell their malware. This means we often see multiple criminal gangs using the same malware payloads for ransomware. It’s time IT leaders paid some serious attention to how ransomware is being delivered into their organisations.

Delivering ransomware through phishing

Cybercriminals are developing a wide range of techniques, but there’s a particular focus right now on creating new and sophisticated phishing attacks to deliver ransomware. These attacks target the human layer of a business – as a phishing attack only works when someone falls for it on the other end within the target organisation. Unfortunately, these attacks are often successful.

It’s estimated that over 90% of ransomware attacks in the UK are now delivered via email phishing. Traditional security solutions were set up to deal with mass (often poorly designed) phishing attacks and are simply unable to keep pace with the more innovative attacks we’re seeing today.

Human layer security: An intelligence defence

These phishing attacks target the human layer – so an organisation’s defences need to focus on the human layer too. Egress Defend is an intelligent anti-phishing solution that uses machine learning to analyse both the content and context of all inbound emails, giving users an educational traffic-light system that alerts them to phishing attacks in real time.