Sometimes it feels like the security landscape is moving faster than ever before, with threat actors finding new and ever more creative ways to gain access to the most sensitive parts of companies' infrastructure and wreak havoc. The latest big spike in ransomware that we have seen cunningly exploits contact forms on companies' own websites. Microsoft have released some findings around their tracking of the issue.
The Microsoft Defender team tracked the malicious emails which arrive in the recipient’s inbox from the contact form submission and found that they often appear trustworthy as they were sent from a trusted email marketing system, which helps them to appear legitimate and evade detection. As the emails are originating from the recipient’s own contact form on their own company website, the email templates match what the users would expect from an actual customer interaction or inquiry.
As the attackers fill out and submit the contact form, an email message is generated to the associated contact form recipient or targeted enterprise, containing the attacker-generated message. The message uses strong and urgent language (“Download it right now and check this out for yourself”), and pressures the recipient to act immediately, compelling them to click on the links.
Clicking the link often brings the recipient to a Google page that requires the user to sign in with their Google credentials. Because of this added authentication layer, some detection technologies may fail to identify the email as malicious at all.
How to protect your business?
The first line of defence, and possibly the most crucial element of mitigating this kind of attack, is user education. The people in your business can be one of your biggest strengths, but only if they have the right skills and tools at their disposal, so make sure your business doesn't become the latest victim with a few simple steps:
- Raise basic awareness of the issue with emails, posters in the office, discussions in meetings and intranet news items to get it to the front of people's minds.
- Test users' reactions to such attacks to help show people that it can and does happen as well as to keep people's guard up.
- Conduct staff training sessions such as short online courses which are repeated periodically in order to keep the issue fresh in people's minds.
In addition to staff training, the computer systems themselves also need to be protected. Spam filtering would often not protect you from this latest threat, as the email is coming from a known-good place (your own website). However, high-quality web filtering would help to ensure that the end destination is not reached, and endpoint protection would help to keep the computer safe should anything be downloaded.
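Because the spam filter sees these messages as coming from your own website, one additional place to check them is the form handler itself, before the email is generated. The sketch below is an added example, not code from Microsoft or from this article's author: the function name, phrase list, verdict labels and sample submissions are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed phrase list; "right now" and "check this out for yourself"
# come from the wording quoted in the article, the rest are assumptions.
URGENCY = re.compile(
    r"right now|immediately|urgent|as soon as possible|check this out for yourself",
    re.IGNORECASE)
DOWNLOAD = re.compile(r"\b(download|open the (file|link|document))\b", re.IGNORECASE)
URL = re.compile(r"\bhttps?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample submissions (not real messages).
SAMPLES = [
    "Hello, could you send me a quote for 20 laptops?",
    "Our profile is at https://supplier.example.org/about",
    "Your site uses my images. Download it right now and check this out "
    "for yourself: https://files.example.net/proof",
]


def screen_submission(message, own_domains=()):
    """Return (verdict, reasons) for one contact-form message body."""
    hosts = set()
    for url in URL.findall(message):
        try:
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            host = "unparseable"
        # Links back to the company's own site are not counted as external.
        if not any(host == d or host.endswith("." + d) for d in own_domains):
            hosts.add(host)
    reasons = []
    if hosts:
        reasons.append("external link: " + ", ".join(sorted(hosts)))
    if URGENCY.search(message):
        reasons.append("urgent language")
    if DOWNLOAD.search(message):
        reasons.append("asks recipient to download or open something")
    # Genuine enquiries often contain a link, so hold for review only when
    # an external link is combined with pressure to act.
    if hosts and len(reasons) >= 2:
        return "hold", reasons
    return ("tag" if reasons else "deliver"), reasons


if __name__ == "__main__":
    for text in SAMPLES:
        print(screen_submission(text, own_domains=("example.com",)))
```

A "hold" verdict is meant to route the submission to a review queue rather than a staff inbox, and "tag" to add a visible warning banner to the generated email; both behaviours are left to the form handler.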
Working backups of all key systems, with a well-tested plan on how to restore them in case the worst does happen, are also essential. These should be stored independently from the systems so that they can't also be encrypted, deleted or modified at the same time.
If you would like Freethought to help keep your business safe, why not get in touch? The first consultation is free!