The SolarWinds Hackers Put Phishing Scams in the Spotlight

Cybersecurity is more important than ever. Cybercriminals are launching large-scale phishing attacks, and companies need to protect themselves from such threats. Especially after the Colonial Pipeline ransomware cyberattack, now is the time to increase your business’s security and reevaluate your current practices.

What Happened with SolarWinds?

The SolarWinds attack occurred in 2020 and went unnoticed for months. Hackers secretly broke into the company’s systems and added malicious code that created a backdoor to customers’ information technology systems.

Hackers then installed even more malware that helped them spy on companies and organizations, including U.S. agencies (such as the Department of Homeland Security and the National Nuclear Security Administration), major companies (such as Microsoft and Cisco), and other organizations (such as the California Department of State Hospitals and Kent State University). Because the hack went undetected for months, security experts say that some victims may never know whether they were hacked.

Why Should Companies Care Now?

Aside from the fact that the extent of the SolarWinds attack may never be known, the same group of hackers has also been running an active email-based spear-phishing campaign, which targeted 3,000 email accounts across 150 organizations. Though most of the targets are in the United States, at least 24 countries were attacked, and at least a quarter of the targeted organizations are said to be involved in missions including international development and human rights work.

The hacker group, referred to as Nobelium and widely believed to be run by Russia’s Foreign Intelligence Service, launched the current attacks after getting access to an email marketing service used by the U.S. Agency for International Development. After gaining access to USAID’s account, the hackers sent out phishing emails that looked authentic but included a link that, when clicked, placed a malicious file on the victim’s computer. This file allowed the hackers to access computers through a backdoor, which means they were able to carry out a wide range of activities, including stealing data or infecting other computers on a network.

These kinds of sophisticated malware attacks will continue as technology advances. To protect your company, it is important to understand how to identify a phishing scam and to put safeguards in place to prevent such an attack from occurring.

What Is a Phishing Scam?

A phishing scam is a form of social engineering in which an attacker poses as a trustworthy entity on a variety of channels — often email or malicious websites — to solicit personal information from an individual or company, such as login credentials or other sensitive information.

For example, a phishing email may warn the recipient that their account information has been compromised, directing the individual to a website where their username and/or password can be reset. The victim may believe this scam because the email appears to come from their actual bank, so they click on the link. The website they are directed to is also fraudulent, but it is designed to look legitimate, so they enter their information. Now, the attackers have the login information from their phishing victims.

How Can a Phishing Scam Be Prevented?

Social engineering attacks work well because they target the weakest point in an organization’s security: the people. The best way to prevent a phishing scam is to educate your employees by conducting training sessions with mock phishing scenarios. Your security policy should include password expiration and complexity requirements, but also consider adding multi-factor authentication and requiring encryption for all employees who work remotely.

In addition to the people-focused preventions, also be sure to implement technological safeguards, such as:

  • Deploying a spam filter that detects viruses, blank senders, etc.
  • Applying the latest security patches and updates to all systems and keeping them current moving forward
  • Installing an antivirus solution and monitoring its status on all equipment
  • Implementing a web filter to block malicious websites
  • Encrypting all sensitive company information
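
To make the spam-filter safeguard concrete, the following added example (not ATSG’s code or any product’s logic) flags a blank sender and links that lead somewhere other than the sender the email claims to come from, the pattern described in the bank example above. The function name phishing_indicators, the finding labels and the sample messages are constructed for illustration, and the code assumes single-part HTML mail.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message):
    """Heuristic findings for one single-part HTML message (an assumption)."""
    msg, findings = message_from_string(raw_message), []
    # Domain after "@" in the From address; empty when the sender is blank.
    sender_domain = parseaddr(msg.get("From", ""))[1].partition("@")[2].lower()
    if not sender_domain:
        findings.append("blank-sender")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        on_site = host == sender_domain or host.endswith("." + sender_domain)
        if sender_domain and host and not on_site:
            findings.append(f"link-off-sender-domain:{host}")
        # Visible text that is itself a URL should point at the same host.
        shown = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if shown and host and shown != host:
            findings.append(f"link-text-mismatch:{shown}->{host}")
    return findings

# Constructed sample messages (not real mail); .test is a reserved TLD.
HEAD = "To: user@corp.test\nSubject: Account notice\nContent-Type: text/html\n"
SAMPLE_PHISH = (HEAD + 'From: "Example Bank" <alerts@examplebank.test>\n\n'
    '<a href="http://examplebank.test.reset-login.test/reset">'
    "https://examplebank.test/reset</a>")
SAMPLE_BLANK = HEAD + "From:\n\n<p>Your account has been compromised.</p>"
SAMPLE_OK = (HEAD + "From: news@examplebank.test\n\n"
    '<a href="https://www.examplebank.test/offers">See offers</a>')
if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))
```

Legitimate bulk mail often links to third-party tracking domains, so treat these findings as signals to score or review rather than as grounds to block a message outright.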

Find more tips for detecting and avoiding malware in our previous blog post.

What Can ATSG Do to Help?

Implementing a robust cybersecurity system and ensuring it stays up to date takes a lot of effort. Outsourcing that task to a managed IT service provider like ATSG can ease your worries and keep your costs low.

ATSG has the expertise, processes, and technology you need to prevail. Our holistic rediSecure service portfolio spans the complete IT security lifecycle. We’ll help you eliminate vulnerabilities, stop attacks in their tracks, and quickly get you on the path to recovery should your business be impacted. We offer solutions such as Managed Security Services, which provides support for broad technology solutions, architecture, policy, procedures, and capabilities for a modern approach to security operations.

ATSG—Transforming the customer experience through tech-enabled managed services

Today’s choices for mobility, cloud, infrastructure, communications, applications, and operations are mission-critical for small, mid-sized, and large enterprises.

ATSG, Inc., is leading the transformation into technology solutions as a service with our tech-enabled managed services portfolio and a commitment to technology innovation, operational excellence, and client intimacy.

Recognized by industry leaders and industry-leading publications, ATSG has over 25 years of operating history delivering exceptional client experiences that directly result in competitive advantage, cost savings, growth, and improved operational efficiencies.

Visit ATSG.net, email [email protected], call (888) 504-9559, or visit one of our five tri-state locations today for more information.