A recent survey by Blue Coat Systems highlighted the continued threat of poor user IT security behavior. One of the interesting results related to phishing found that 17 percent of US employees open unsolicited emails despite 80 percent viewing such behavior as a serious risk. In today’s mature phishing and spear phishing environment, businesses should refresh their protection measures against such behavior.
Phishing and Spear Phishing Revisited
As a quick refresher, phishing is when unsolicited emails are sent out en masse with malicious URLs or attachments that can lead to the compromise of a computer by malicious software.
Spear phishing goes one step further and creates messages that appear to come from a trusted or known source such as your bank, ecommerce website, or a personal connection. If 17 percent of US employees are opening unsolicited emails, it is fair to assume that the rate would be significantly higher for a spear phishing attack where the sender is assumed to be trusted.
Steps to Protect
Here are a few steps to add or review in the battle against phishing.
- Keep applications patched
- Remove administrator privileges
- SPAM filters
- User education
Much has been said about patching operating systems, but most phishing attacks will exploit a browser or application. In the case of a browser, a URL can be shortened, lengthened, or have a domain name that is slightly off, leading to a link that exploits a browser vulnerability. Keeping browsers up to date with patch management software (shameless plug) is critical to success. Even in a highly managed environment, end users can still install alternative browsers, so inventory and patch everything.
As to other applications, the exploit can be a malicious PDF, Office document, or something similar. Phishers are going after big targets, so keep all your software patched as well as your operating systems.
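As an added example (not from the original article or any product it mentions), here is one way a mail gateway or triage script could flag the three URL tricks mentioned above: shortened links, lengthened hosts, and slightly-off domains. The trusted-domain and shortener lists and the sample message are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder lists; replace with your organization's own.
TRUSTED = {"example-bank.com", "example-shop.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url):
    """Return 'trusted', 'shortened', 'lengthened', 'lookalike' or 'unknown'."""
    # urlsplit().hostname ignores any userinfo placed before an '@'.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    if host in SHORTENERS:
        return "shortened"
    # Lengthened: a trusted name used as a prefix or inner part of another domain.
    if any(host.startswith(d + ".") or "." + d + "." in host for d in TRUSTED):
        return "lengthened"
    # Slightly off: registrable domain within two edits of a trusted one.
    base = ".".join(host.split(".")[-2:])  # simplification: no public suffix list
    if any(0 < edit_distance(base, d) <= 2 for d in TRUSTED):
        return "lookalike"
    return "unknown"

def flag_links(body):
    """Extract URLs from a message body and return the suspicious ones."""
    bad = ("shortened", "lengthened", "lookalike")
    return [(u, v) for u in URL_RE.findall(body) if (v := classify_url(u)) in bad]

# Constructed sample message body.
SAMPLE_BODY = ("Your account is locked. Verify at http://examp1e-bank.com/verify "
               "or https://example-bank.com.account-verify.net/login today. "
               "Tracking: https://bit.ly/3xyz Official: https://www.example-bank.com/help")

if __name__ == "__main__":
    for url, verdict in flag_links(SAMPLE_BODY):
        print(f"{verdict:10} {url}")
```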
Remove Administrator Privileges
Less common in the US, as in Europe and Asia, is the removal of administrator rights. Many users want to run with an administrator account so they can install their own software and modify operating system settings. Where users have administrator accounts, privilege management software (such as Arellia Application Control Solution) can reduce the privileges of targeted software such as browsers, PDF readers, and email clients. Reducing the privileges of applications limits the impact of exploits (a browser crash versus a malicious program being installed).
Containerization is a newer technology similar to operating system virtualization, except applied to applications. With containerization software (such as BUFFERZONE), an application doesn’t have the ability to access other application data or certain areas of the operating system. Should a browser be compromised, the access is limited to that container. This has been the model for mobile operating systems such as iOS and Android, and it has proved to be fairly successful.
There isn’t much to be said about SPAM filters other than that you need to prevent bad behavior by never giving users the choice. While not perfect, a good SPAM filter can reduce the number of decisions users need to make, not to mention reduce the number of emails one needs to review and delete daily.
Although frequently maligned these days, it is still important to use anti-malware software to protect against malicious exploits. It may not catch the zero-day vulnerability attacks or advanced threats, but not everything will be that sophisticated.
Sometimes it feels hopeless after a study like this, but user education should still be provided to reduce risk. Not every user will learn, but you can assume some users will apply better behaviors and not click on that enticing email that leads to a path of doom and dismay.
These are a few recommendations, but not a comprehensive list. Apply these steps to reduce the risk of phishing in your environment.