Phishing for the Catch of a Lifetime


Armadillo, 4 Jan, 2019

Awaking bleary eyed to that unprecedented sound of an alarm going off is the bane of most working people’s lives 5 or 6 days a week. The usual realisation that the sweet 8 hours of sleep is now over, and the working day is about to begin. However, in the fishing world, especially carp fishing (my great passion) this is a euphoric sound and indicates a bite and all the hard work, preparation and time spent chasing these wild beasts has now paid off, with that wonder of has your target fish made that mistake and hooked itself.

Fishing has always been part of my life, even from an early age of 3 or 4 where as a boisterous energetic young boy unable to sit still you would never have guessed this was a great passion and in my blood. Even at that age I would disappear for hours on end in search of fish from rockpools on the beach and not move until I had caught the biggest and best that I could see. This passion has slowly grown over the years and now I spend most weekends and annual leave searching for the biggest and best fish in several lakes I currently fish.

The fish of choice for the recreational angler and specimen hunter of the UK is the Carp, they come in many shapes and sizes up to 70lb. These animals are now fished 24/7, 365 days a year and have seen it all. However even after being caught for many years even the wiliest of fish slip up occasionally and end in an angler’s photo album. Now I bet your sitting there wondering that’s all well and good, and maybe even interesting to some of you but how does that relate to Cyber security. Like most fishing lakes, cyber attackers are trying to catch what they perceive as their target A team fish, producing new and different techniques to try and outwit their foe and extract the information, credit card details or relevant passwords they are seeking.

John Webster holding a big Carp fish.

One such vector that has been exploited for many years since the invention of the email is the phishing attack. This is an email designed to look like a regular email you receive on a day to day and the unsuspecting recipient clicks and fills in sensitive details on the email and opens up his/her computer to be compromised. These attacks are becoming more bespoke and targeted of late with attackers watching and observing senior IT or business contacts for months on end to specifically target their hobbies and interests (so called whaling – targeting the biggest fish).

The cyber security fraternity over the years have been developing solutions and techniques of how to mitigate against this security risk that businesses face:

  • Traditional Email Security:
    Using a single email gateway focusing on anti-virus, antispam, and scanning incoming emails and attachments for these vulnerabilities and blocks these from entering the organisation. The more advanced traditional email security vendors have now added extra layers of protection with solutions to defend against anti-phishing, sandboxing and ransomware protection as attack vectors evolve.
  • Advanced Email Security:
    Email security threats are ever changing and with hackers one step ahead, the traditional security measures are not adequate for the modern enterprises. AI technology is now the forefront of this evolution with its ability to adapt to new threats a lot faster than traditional signature security products. Agari are one of these emerging vendors which allows businesses to not only protect their users and internal environment from targeted spear phishing attacks, but also allows businesses to protect their brand reputation from spoof emails being sent out from their domain.
  • Cyber Security Training:
    Education of employees and key individuals is paramount to stopping these phishing emails from being successful. Educating employees and staff not to click on these phishing emails will vastly reduce the effectiveness of these attacks. ‘Bobs business’ have developed a platform to place all this training in one easy to use web interface. This allows for employees to do this necessary training at their convenience, instead of the need for mass classroom set ups.

Armadillo may not be your best bet to advise on tips of how to catch a carp or improve your personal best. However, with our vast experience of IT security and email attack vectors we are perfectly posed to impartially advise our customers on how to tackle this problem. We do this by working with you and your business to decipher the issues you are facing and develop a solution to improve your security posture and protect your environment. With the shortage of skilled personal in this sector, Armadillo are perfectly posed to not only advise but manage the solution for you with our 24×7 managed service reducing staffing costs and training times. Let Armadillo worry about catching phishing attackers, leaving you all the time in the world to catch your fish of a lifetime.

 

Written by: John Webster, Client Director at Armadillo.