New Report on Ransomware: Goldeneye Attack Traces Back to Spear Phishing

January 21, 2020

While there is debate about how the WannaCry ransomware attack in May was spread, it seems fairly clear that yesterday’s Goldeneye attack was delivered via spear phishing. Reuters reported:

An adviser to Ukraine’s interior minister said earlier in the day that the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

A US-based cybersecurity company also looked at logs from its thousands of customers and confirmed the CVE 2017-0144 and that the attack vector was email payload. The CVE’s often change as users patch vulnerabilities, but more often than not the attack vector is a spear phishing email. The is precisely what Graphus found in reviewing third party ransomware data from the past several years.

The Report

The Goldeneye attack just happened to coincide with our scheduled publication of a new report titled, “The Rise of Ransomware. More Companies Are Being Held Hostage. Spear Phishing is Fueling the Epidemic.” What did we find?

  • Ransomware threats have shifted from a consumer to a business focus and
    become a billion dollar industry
  • Ransomware targeting businesses grew 752% last year
  • 93% of all phishing emails contain encryption ransomware
  • More detail on the nature of attacks, the victims and strategies for protection

The Solution

Graphus has developed a novel solution to protect organizations against spear phishing and social engineering attacks. This technology in turn provides a new layer of protection against ransomware. If a spear phishing email is never opened, then the ransomware cannot implant in your network and on your devices. After more than one year of use in live environments, Graphus was shown to correctly identify and eliminate spear phishing emails. Crisis averted.

Most organizations have spent the past decade hardening their network and endpoint defenses. As these protections became more robust, cyber criminals looked for other weaknesses in cyber defenses. The weakest link today is our people. Employees are human and subject to being fooled through social engineering techniques. Spear phishing exploits that weakness. Cyber criminals get a willing accomplice in the attack as employees unwittingly install malware onto their devices and your corporate networks.

The new report outlines three defensive tactics that companies can implement now to proactively combat spear phishing. We hope you find the analysis and information helpful in shoring up your cybersecurity defenses.