Skip to content
11:11 Systems
Rethink Connected
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • Cloud Console
          Cloud Console
          Compliance
          Compliance

      • Column 2
        • Global Regions
          Cloud Regions
          Catalyst
          Planning and Assessment

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      •  
      • Careers
      • Technology Partners
      • Customer Stories
  • Products & Services
    • Products & Services
      • CLOUD
      • Cloud Overview
      • Public Cloud
      • Private Cloud
      • Object Storage
      • Cloud Labs
      • Colocation/Bare-Metal
      • BACKUP
      • Backup Overview
      • Backup
      • Microsoft 365 Backup
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS for Veeam
      • DRaaS for Zerto
      • Autopilot
      • SECURITY
      • Security Overview
      • Continuous Risk Scanning
      • Managed SIEM
      • Managed EDR
      • Managed Firewall
      • CONNECTIVITY
      • Connectivity Overview
      • SD-WAN
      • Multi-Cloud Connect
      • Managed IP
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Console Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Cloud Console
    • Compliance
    • Cloud Regions
    • Planning and Assessment
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Colocation/Bare-Metal
    • BACKUP
    • Backup Overview
    • Backup
    • Microsoft 365 Backup
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • Autopilot
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • CLOUD CONNECTIVITY
    • Connectivity Overview
    • SD-WAN
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact
  • Console Login
  • Free Trial
Author: 11:11 Systems
Date: October 13, 2021

A Tale of Two Phish: How Phishing Leads to Ransomware

This blog post originally appeared on the Green Cloud Defense blog. Green Cloud Defense was acquired by 11:11 Systems in.

It was the best of times, it was the worst of times, it was the age of phishing, it was the age of ransomware, and the story goes on. The security industry continues to see how ransomware devastates organizations. According to a Fortinet 2021 report, the average weekly growth of ransomware is seeing an increase of around 10 times more than one year ago. (1) Extortion has become the norm in cybercrime and there is a massive financial benefit. Insurance companies continue to write policies that simply pay out millions of dollars in ransom demands despite the warnings of tired, frustrated technology professionals. Criminals are ramping up operations, emboldened by the guaranteed payoff. On top of this, security vendors stand waiting and alert, like a green recruit ready for their day on the front line. We have successfully created a world where the criminal knows big money is right around the corner. However, we can’t fool ourselves into thinking big businesses with large IT budgets and huge security groups were the only targets. We would also be severely inaccurate if we thought it all happens like some bad movie plot – “I’m in the firewall!” These scenarios are not realistic. Other forces are in play. They are organic in nature. We must not forget the human element to all of this: our end users.

One goal we may all have is to not have a resume generating event. Sure, common frameworks such as NIST and MITRE ATT&CK can most certainly create a base for proper protections, but the human element is often overlooked. This is a tale of two phish. We would miss the mark if we did not talk about the phishing, the whales, and the spears. Some may ask, “What is phishing?” Phishing is simply defined as an attempt to somehow get Alice or Bob to divulge sensitive information. Alice gets 100 emails a day; she is experiencing infobesity.  It’s easy to see how a phishing attempt could be seen as a legitimate email. In an office down the hallway, Bob, the CEO, needs her to see an invoice and get it processed ASAP. Spearphishing goes after Alice, the little fish.  Bob, on the other hand, is a very big whale. With whalephishing, the CEO is considered the main course. Alice receives the email and after a click, a reverse shell is in place; none is the wiser. Big surprise, that was not Bob. That was Nicole and she is four states away. The pesky macro that Nicole injected inside the email sets off a chain of events that would later cost money, time, and reputation. There were methods to gain that traction and persistence. Nicole targeted this MSP because she knew the initial attack surface was small but grows exponentially as enumeration exposes the MSP’s client base.

Again, let’s be honest; with power and position comes risk. Executives and the C-Suite are busy. Phishing scams are just not a priority to upper management. A 2020 Forbes article tackles this quite eloquently, “The longer management ignores the threat posed to customers by phishing attacks, the more likely an enterprise will repeatedly experience this type of attack.” (2) It’s a simple mistake to click on that urgent email from the CEO. Malicious actors know this; they bet on success. Phishing can be done via an email, a phone, or an SMS message. The objective is to become Alice’s friend, find her trust, and eventually gain access. Alice and Bob are not the only targets. Vendors and supply chains are bigger fish and are priority number one.

Supply chain attacks have been in the news recently. Remote management organizations have shown us how brittle our security posture is. These 3rd party vendor applications sit on a customer’s network without restriction and with elevated privileges. Remote management organizations have persistence into a network via a remote monitoring and management (RMM) application; it is there by design and provides access to client devices and networks. Who are these clients?  Large companies use RMM solutions, but a large swath of attacks target Managed Service Providers and Cloud Service Providers (CSP) via an RMM solution. Supply chain attacks are one of the most serious vectors for compromise. By phishing and intruding inside the network of [insert remote management company], a malicious actor can obtain access to update repositories, vendor VPN connections, and other organizational controls. This is where MSP’s and CSP’s are advised to exercise caution.  Supply chains and vendors are the crown jewel for criminals. Securing infrastructure by deploying network access controls, enabling endpoint protection solutions, and standing up firewalls is not sufficient. Employee education, phishing simulations, and security minded incentives will help to drastically reduce the number of security incidents in any organization. MSP’s and CSP’s must be prepared to handle a security event for their customers but also deploy good digital hygiene in their own environments.

We see Alice and Bob every day. We know them, we work with them. In short, we are Alice and Bob. Our goal is to avoid Nicole at all costs. To avoid phishing attempts, we must first recognize the threat so we can eliminate it. Verify everyone and when in doubt, contact the person that sends an attachment. Hover over links and verify the domain but avoid clicking on links in emails, if possible. Get into the habit of reading the voice on the other end of the call. Are they being extremely nice and asking how your family is, how the baseball game is? Is this person trying to slide into your life for any curious reason? Be wary and have common sense but if anything, perform the following:

Trust no one, verify the rest.

 

David Moore
Solutions Engineer, Cloud and Security

 

(1) Fortinet, Inc. 2021. Global Threat Landscape Report
(2) Stolfo, 2020, Why The C-Suite Should Care About Phishing Attacks Against Customers, accessed 20 September 2021, <https://www.forbes.com/sites/forbestechcouncil/2020/04/01/why-the-c-suite-should-care-about-phishing-attacks-against-customers>

Category: SecurityBy 11:11 SystemsOctober 13, 2021
11:11 Systems

Author: 11:11 Systems

Post navigation

PreviousPrevious post:Breaking Down Multi-Factor AuthenticationNextNext post:Changes To Cyber Insurance Mean Adjusting Your Approach to Managing Risk

Related Posts

Preparing for 2023 with 11:11 Systems: IT Trends in Security, Cloud, and More
February 1, 2023
What is 11:11 Systems?
What is 11:11 Systems? A company built on cloud, connectivity, and security
January 30, 2023
11:11 Systems Wins 2022 Backup and Disaster Recovery Award from Cloud Computing Magazine
January 25, 2023
Why Staying Connected to the Cloud Can Be Simple, Secure, and Seamless
Why Staying Connected to the Cloud Can Be Simple, Secure, and Seamless
January 24, 2023
11:11 Managed Connectivity Solutions
11:11 Managed Connectivity Solutions
January 23, 2023
Risky Business
Risky Business: Managing Vulnerabilities by Prioritizing Risk
January 11, 2023
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Connectivity Solutions
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2023 11:11 Systems Inc., All Rights Reserved | Privacy Notice

Go to Top
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information that allows us to process data such as browsing behavior. Not consenting or withdrawing consent, may adversely affect certain features and functions. By clicking Accept, closing this message, or continuing to browse, you consent to these technologies and accept our Privacy Notice.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}