Protect yourself from malicious actors on phishing expeditions

News outlets in early July reported that Chinese state-sponsored hackers breached over two dozen organizations worldwide, including several U.S. government agencies and institutions, gaining access to their email accounts. These actors forged authentication tokens to access Microsoft email accounts and established access to victims’ email inboxes for about a month before Microsoft cut their access off.

Both the U.S. State Department and Commerce Department were victims; the hackers seemed to be gathering information about sensitive bilateral issues between the United States and China. The breach at the State Department, first noticed in June, coincided with Secretary of State Antony Blinken’s trip to China; while the breach at Commerce aligns with its expected actions to impose additional export controls and restrictions on Chinese investment in advanced technologies. 

The China-based threat actors in this incident may have leveraged their access to conduct espionage, but threat actors also target everyday Americans for other reasons. These include for financial gain (both direct monetary compensation as well as selling valuable data for money), for identity theft, for theft for competitive advantage (intellectual property, trade secrets, blackmail, surveillance), for political reasons, and for ego (the “because I can” mentality).

Malicious actors can get pretty creative in finding ways to breach your organization. For example, in 2019, North Korean state-sponsored hackers were able to breach an institution that connects all of Chile’s ATMs. The malicious actors posed as Spanish-speaking recruiters on LinkedIn, targeted an employee who applied for a position at a fictitious company, and lured him into downloading a PDF while on a Skype “interview.” As a result, the North Koreans breached the country’s entire ATM network.

Cybercriminals also use ransomware to target organizations, and some groups participate in a model referred to as Ransomware-as-a-Service. Different groups of threat actors specialize in each stage of a ransomware attack, and share the profits generated. For example, one group focuses on developing different malware while another focuses on writing compelling phishing emails to entice the victim to take action on their behalf. Other groups purchase or lease ransomware to actually deploy them against their targets.

All of these examples share common threads from the victim’s perspective: a human that clicked on a malicious link or opened a malicious file, or the actors that exploited a vulnerability that existed due to human error or oversight. Indeed, most threat actors find consistent results using the easiest ways in.

Some of the most common tactics used against you are likely familiar examples. Bad actors may try to impersonate your boss, an executive or someone you know to entice you to click on links or do things for the attacker that you otherwise would not. Or you may navigate to a website that loads malware onto your computer and end up being the first stage of a later, more consequential cyber attack. Looking for the “https://” in URLs or the lock symbol in the address bar will help ensure that a website is secure. Bad actors will also attempt to disguise themselves as trusted sources when trying to compromise you, either by sending emails that seem to originate from known domains, or attempting to get you to navigate to a website such as g0ogle.com.

Finally, installing and deploying ransomware is a common tactic where adversaries will encrypt the “crown jewels,” that is, data, networks or systems that are essential to business operations, and pressure you to pay a ransom to decrypt everything. The actors may even threaten to release or sell that sensitive data in order to pressure victims to pay up.

There are innumerable frightening ways for threat actors to compromise you or your company. The best way to stay safe online is to be informed.

But more practically: Do not click on links or open files from people you do not know. Think twice if there’s urgency to a message asking you to do something such as sending payments or opening a file. Confirm any actions asked of you with the actual individual who allegedly emailed or messaged you.

Improve password security by using symbols, numbers, or complex phrases. While you’re at it, take advantage of multifactor authentication (MFA) offerings to enhance your account security; even if an attacker has your password, they will have a tough time trying to breach your inbox with MFA enabled which requires a unique code or identifier associated with your device or phone number. Finally, keep software and operating systems patched and updated. Those pesky “update” reminders on your devices? Install them. They may have security patches that fix vulnerabilities that attackers can take advantage of to target you.

It is easy to dismiss these practices, thinking, “What would attackers even want from me?” But as the North Korean breach proves, even an innocuous job application can result in the compromise of an entire organization and any connected services your company may employ, resulting in astronomical costs to remediate. But even at an individual level, you wouldn’t want to end up as a victim of fraud, identity theft, or any future incidents against your friends or family.