Everyone Has It Wrong. It Is Not Double Extortion, It Is Quintuple Extortion!

I keep seeing a new ransomware term, “double extortion,” being discussed. It is the hot new buzzword surrounding ransomware. The term attempts to summarize how ransomware is no longer just encrypting data: ransomware gangs now commonly exfiltrate data and threaten to release it to other hackers or to the public to get paid. A common use of the term is, “A good backup will no longer save you because of double extortion!”

That is true. But it is really worse than that. If only it was double extortion.

Starting in late 2019, the first ransomware gangs started to use data exfiltration as a tactic. They got paid more money more often. Other ransomware gangs noticed and by the end of 2019, 10-15% of ransomware attacks involved data exfiltration. By the end of 2020, that number was over 70%. Now, halfway through 2021, it is over 80%. This means that if you get hit by ransomware, odds are your company will also have a data exfiltration issue to deal with.

Quintuple Extortion

But that is not all they do now. Besides stealing data, cyber criminals are stealing company, employee and customer passwords. It used to be that if they stole passwords, they only stole them to help infect more machines in the same network. Not anymore. Now, their primary goal for stealing passwords is to cause more damage and to do more extortion.

The average ransomware program hides on someone’s device or network for anywhere from a few weeks to nearly a year. I see different figures for how long ransomware dwells without being discovered, but the most common stats I see are 120-200 days. I personally know of many companies where ransomware was inside the network for a year or more. I know of one where the ransomware program dwelled for over three years without being detected. And, yes, over 80% of those victims were running up-to-date antivirus software. Welcome to the new world of ransomware.

Cyber criminals often steal employee passwords because during the ransomware’s dwell time, employees are going to tons of personal websites, for example, their banking website, their stock investing website, their 401K, their medical websites, Amazon to order something, Instagram, Facebook, TikTok, etc. And during all that time, the ransomware program, or Trojan Horse program or script, is collecting all of those passwords. It is the same thing with customers. If you have a website where customers log in, they are collecting those too; knowing that your customers are likely to use those passwords in other places.

Then the cyber criminals contact the employees and customers and tell them what they have, and say, “If you do not pay us, we will release your passwords to hackers!” They tell the employees and customers the only reason they are extorting them is because the original victim company is not paying. This causes reputational and trust issues.

While the cyber criminals are in your systems, they are also reading emails and learning about the business relationships you have with other vendors and trusted partners. And then they send spear phishing emails to them asking them to open malicious documents or to run Trojan Horse programs. The new victims are getting an email from the original victim, who they trust and have an ongoing relationship with. They do not understand why the person they trust is suddenly asking them to open some new document or file, but many do without further hesitation. Boom! They are now ransomware victims, too.

Ransomware attackers also publicly advertise who they have broken into to get maximum pressure on the victim organization to settle quickly. If you were hoping that maybe the ransomware attack did not leak to the media, good luck! They often function as their own malicious public relations firm and send evidence of your compromise to the media. They often post samples of your files just to prove they not only have access, but have your data.

If you are still arguing about paying, the cyber criminals will do whatever they can to get you to pay. One tactic that is becoming more common is that they conduct massive distributed-denial-of-service (DDoS) attacks if you waver early on. So, maybe they only took down your corporate network and your public-facing web servers are hosted somewhere else. They will take those down too, to cause as much pain and suffering as it takes to get paid.

This is what most ransomware does today:

  • Encrypt your data
  • Exfiltrate your emails, data, confidential information and IP, and threaten to post it publicly or give it to your competitors if you do not pay
  • Steal company, employee and customer login credentials
  • Extort your employees and customers
  • Send spear phishing attacks to your business partners from your own computers using real email addresses and email subject lines your partners trust
  • Conduct DDoS attacks against any services you still have up and running
  • Publicly embarrass your company

That’s actually a septuple of problems. If you are lucky, you only get a quintuple of problems. So, when I see double extortion used as a term to describe today’s ransomware, I think, “I wish that was all!”

I started to cover this for the first time in January of 2020 in my webinar called Nuclear Ransomware and in an article I wrote for this blog here.

You need to make sure that the people in your organization who are in charge of defenses understand what today’s ransomware does. It is not just a data encryption problem or only a data exfiltration problem. It is four to seven additional problems that a good backup does not solve. Your primary defense needs to be prevention – which means fighting social engineering and good patching to defeat the majority of the risk.


This blog was written by Roger Grimes


Two-Thirds of Organizations Plan to Improve Their Cybersecurity in the Wake of Devastating Ransomware Attacks

With 81% of organizations believing ransomware attacks will become more prevalent in the second half of 2021, nearly everyone is preparing for the worst to come.

You can’t go a day without hearing about some new ransomware attack, a new cybergang popping up, or the detailed aftermath of a prior ransomware attack being made public. And with last month’s attack on the US’s largest gasoline pipeline, the ramifications of such attacks are now clearly evident – well-beyond just the cost of paying a ransom.

According to ISACA’s latest survey of 1,200 IT professionals, it appears that organizations are waking up to the fact that ransomware is a much larger problem.

  • 46% of organizations consider ransomware to be the cyberthreat most likely to impact their organization in the next 12 months
  • 85% think their organization is at least “somewhat prepared” for a ransomware attack
  • Only 32% believe their organization is “highly prepared”

ISACA recommends the following strategy:

  • Enforced Vulnerability Management to make certain the environment is patched
  • Microsegmentation of the network to prevent spreading
  • Better Security Monitoring to improve detection
  • Offline Backups with a tested recovery process
  • Security Awareness Training implemented year-round

According to ISACA, 38 percent of organizations have not conducted any ransomware-related training for their staff, and yet even ISACA cites the “human factor” as one of the reasons ransomware is growing.

We’ve seen massive improvements in organizations utilizing continual Security Awareness Training to not just teach users the basics of “don’t open suspicious emails”, but also consistent update training that includes current scams, social engineering tactics, and phishing campaign themes.


New Ransomware Strain Epsilon Red is Reported

Researchers at Sophos report finding a new ransomware strain in the wild. They call it “Epsilon Red.” The malware is written in Go, and it was delivered as the final executable payload in a hand-controlled attack against a target in the US hospitality sector.

“It appears that an enterprise Microsoft Exchange server was the initial point of entry by the attackers into the enterprise network,” Sophos said. “It isn’t clear whether this was enabled by the ProxyLogon exploit or another vulnerability, but it seems likely that the root cause was an unpatched server. From that machine, the attackers used WMI to install other software onto machines inside the network that they could reach from the Exchange server.”

Why Epsilon Red? Sophos shares the etymology, which may be news for any not fully au courant with the Marvel universe. In this case the name comes from the threat actors themselves.

“The name Epsilon Red, like many coined by ransomware threat actors, is a reference to pop culture. The character Epsilon Red was a relatively obscure adversary of some of the X-Men in the Marvel extended universe, a ‘super soldier’ alleged to be of Russian origin, sporting four mechanical tentacles and a bad attitude.”

While the campaign uses complex layers of deception, the ransomware proper is, Sophos says, “barebones.” It’s a 64-bit Windows executable, and all it does is encrypt the files on the target system. Other functions, like communication, deleting shadow copies, killing processes, and so forth, have been, according to the researchers, “outsourced” to PowerShell scripts. The whole Epsilon Red package performs these actions against its targets:

  • It kills processes and services for security tools, databases, backup programs, Office apps, and email clients.
  • It deletes Volume Shadow Copies.
  • It steals password hashes contained in the Security Account Manager file.
  • It deletes Windows Event Logs.
  • It disables Windows Defender.
  • It suspends selected processes.
  • It uninstalls security tools (including tools by Sophos, Trend Micro, Cylance, MalwareBytes, Sentinel One, Vipre, and Webroot).
  • Finally, it expands permissions on the system.
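Most of the actions in that list leave a trace in process-creation telemetry long before any file is encrypted, which is where a defender gets a second chance. The following is an added example of detection logic over such telemetry; it is not Sophos’s tooling and not Epsilon Red’s own PowerShell scripts (which this page does not reproduce). The rules match the generic Windows commands an operator would use for shadow-copy deletion, event-log clearing, Defender tampering and security-tool shutdown, so they apply beyond this one strain. The `key=value` log format, the hostnames and users, and the `SophosAgent` service name are assumptions; the log lines are constructed.

```python
import re
from collections import Counter
from typing import Dict, List

# Behaviour labels paired with case-insensitive regexes over a process command line.
# The patterns cover the generic Windows commands used for each action, not a
# specific Epsilon Red script (none is published on this page).
RULES = [
    ("shadow_copy_deletion",
     r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
     r"|win32_shadowcopy.*remove-wmiobject"),
    ("event_log_clearing",
     r"wevtutil(\.exe)?\s+(cl|clear-log)\b|clear-eventlog"),
    ("defender_tampering",
     r"set-mppreference\s.*-disable\w+|sc(\.exe)?\s+(stop|delete)\s+windefend"),
    ("security_tool_kill",
     r"(net(\.exe)?\s+stop|sc(\.exe)?\s+stop|taskkill(\.exe)?\s.*/im)\s+\S*"
     r"(sophos|sentinel|cylance|webroot|vipre|mbam|malwarebytes|trend)"),
]
COMPILED = [(label, re.compile(pat, re.IGNORECASE)) for label, pat in RULES]


def parse_line(line: str) -> Dict[str, str]:
    """Parse one assumed 'key=value key="quoted value"' process-creation record."""
    fields = {}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', line):
        fields[key] = val.strip('"')
    return fields


def classify(cmdline: str) -> List[str]:
    """Return every behaviour label whose pattern matches the command line."""
    return [label for label, rx in COMPILED if rx.search(cmdline)]


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run every rule over every record and keep the records that matched."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        labels = classify(rec.get("cmd", ""))
        if labels:
            hits.append({"host": rec.get("host"), "user": rec.get("user"),
                         "labels": labels, "cmd": rec.get("cmd")})
    return hits


def summarize(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Count how many records matched each behaviour label."""
    return dict(Counter(label for h in hits for label in h["labels"]))


# Constructed sample telemetry: four pre-encryption actions and one benign process.
SAMPLE_LOG = [
    'host=WS01 user=jdoe cmd="C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet"',
    'host=WS01 user=jdoe cmd="powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"',
    'host=WS01 user=jdoe cmd="wevtutil.exe cl Security"',
    'host=WS02 user=svc_backup cmd="C:\\Windows\\System32\\notepad.exe C:\\Users\\svc_backup\\notes.txt"',
    'host=WS02 user=svc_backup cmd="net stop SophosAgent"',  # service name is an assumption
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["host"], hit["user"], hit["labels"], hit["cmd"])
    print(summarize(scan(SAMPLE_LOG)))
```

Any one of these labels on a workstation is worth an alert; two or more on the same host within minutes, as in `WS01` above, is the pattern to page on, because it is the setup phase that precedes encryption.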

Vulnerable Microsoft Exchange Server instances have been Epsilon Red’s point of entry into victim networks. Patching and other cyber hygiene essentials are matters for human operators, and the more aware, the more alert they are to the consequences of lapses, the better for their organization’s security. New-school security awareness training is never a bad idea.


Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks

Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver malware.

“Our latest Transparent Tribe research confirms that the group continues to create malicious domains mimicking defense-related entities as a core component of their operations,” the researchers write. “During our most recent investigation, we discovered a fake domain, clawsindia[.]com, registered by the attackers. This domain masquerades as the website for the Center For Land Warfare Studies (CLAWS), an India-based think tank covering national security and military issues.”

Cisco Talos also notes that the threat actor is targeting more verticals than usual in the latest campaign.

“While military and defense personnel continue to be the group’s primary targets, Transparent Tribe is increasingly targeting diplomatic entities, defense contractors, research organizations, and conference attendees, indicating that the group is expanding its targeting,” the researchers write.

The researchers add that Transparent Tribe is putting more effort into making its phishing lures more convincing.

“The actors recently deviated from the CrimsonRAT infection chains to make their ObliqueRAT phishing maldocs appear more legitimate,” the researchers write. “For example, attackers leveraging ObliqueRAT started hosting their malicious payloads on compromised websites instead of embedding the malware in the maldoc. In one such case in early 2021, the adversaries used iiaonline[.]in, the Indian Industries Association’s legitimate website, to host ObliqueRAT artifacts. The attackers then moved to hosting fake websites resembling those of legitimate organizations in the Indian subcontinent.”

Transparent Tribe also used HTTrack, a website copying tool, to create identical duplicates of legitimate sites.

“These examples highlight Transparent Tribe’s heavy reliance on social engineering as a core TTP and the group’s efforts to make their operations appear as legitimate as possible,” the researchers conclude.
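Lookalike registrations of the `clawsindia[.]com` kind are cheap to watch for if you keep a short list of the organizations your users would trust. Below is an added example of that check; it is not Cisco Talos’s tooling. It normalizes defanged or URL-wrapped input, extracts the registrable label, and flags any domain that either contains a watched keyword or sits within one edit of it, while skipping the domain assumed to be the organization’s genuine one. The watchlist entries (including `claws.in` as the genuine CLAWS domain), the two-part suffix table, and the candidate domains other than those named on this page are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Organizations worth watching, keyed by the keyword an impostor domain would
# carry, with the domain assumed (for this example) to be the genuine one.
WATCHLIST: Dict[str, Dict[str, object]] = {
    "claws": {"org": "Centre for Land Warfare Studies", "legit": {"claws.in"}},
    "iiaonline": {"org": "Indian Industries Association", "legit": {"iiaonline.in"}},
}
# Minimal table of two-part public suffixes so registrable-label extraction is sane.
TWO_PART_SUFFIXES = {"co.in", "org.in", "ac.in", "gov.in", "co.uk", "com.au"}


@dataclass(frozen=True)
class Finding:
    domain: str
    org: str
    reason: str


def normalize(raw: str) -> str:
    """Lower-case, undo common defanging ('[.]', 'hxxp'), and strip scheme and path."""
    d = raw.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    d = re.sub(r"^[a-z]+://", "", d).split("/")[0]
    return d.rstrip(".")


def registrable(domain: str) -> str:
    """Return the registrable part: last two labels, or three under a two-part suffix."""
    labels = domain.split(".")
    n = 3 if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:])


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch single-character swaps like c1aws."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(candidates: List[str]) -> List[Finding]:
    """Compare each newly seen domain against the watchlist and report lookalikes."""
    findings = []
    for raw in candidates:
        reg = registrable(normalize(raw))
        label = reg.split(".")[0]
        for keyword, info in WATCHLIST.items():
            if reg in info["legit"]:
                continue  # the organization's own domain, nothing to report
            if keyword in label:
                findings.append(Finding(reg, info["org"], f"label contains '{keyword}'"))
            elif levenshtein(label, keyword) <= 1:
                findings.append(Finding(reg, info["org"],
                                        f"label within edit distance 1 of '{keyword}'"))
    return findings


if __name__ == "__main__":
    # Constructed feed: the domain from the Talos report plus invented neighbours.
    for f in audit(["clawsindia[.]com", "claws.in", "c1aws.in",
                    "hxxps://news.example.org/login", "iiaonline.in"]):
        print(f.domain, "->", f.org, ":", f.reason)
```

Feed it from certificate-transparency logs or passive DNS for the keywords your organization cares about; the keyword-containment rule is the one that would have caught `clawsindia.com`, and the edit-distance rule covers the homoglyph variants a keyword match misses.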

New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to thwart social engineering attacks.


Paying the Ransom Is Not Just About Decryption

I just read that a well-known pipeline company paid $5M to the ransomware hacker group. And despite that, they are still having to use their backups because the decryption process is too slow. This does not surprise me. I also recently read that only 8% of ransomware victims who pay the ransom get all their data back.

But paying the ransom likely means they will be back up sooner than otherwise and it negates a whole lot of other issues. I am not saying every victim should pay the ransom. Obviously, if we keep doing that ransomware will never stop. But if you think paying the ransom is mostly about getting a decryption key then you’re not thinking about ransomware correctly. It’s changed. And paying the ransom is often still the best choice even if you have great backups. Here’s why:

You Still Get More Usable Data

First, the victims that do pay the ransom have an overall better data recovery rate. The same report cited above that said only 8% of victims who pay the ransom get all their data back also concluded this: “The researchers found that, on average, victims who pay the ransom recover about 65% of their data, while 29% of respondents said they recovered less than 50% of their data.” So, if you want a better chance of recovering more of your data without recreating it or doing without it, pay the ransom.

Faster Recovery Time

I know many victims who philosophically and ethically refused to pay the ransom. I applaud them. However, many of them were still down or not fully operational far longer than the victims that paid the ransom, on average. I know of many victims who did not pay the ransom who were down months and were still not fully operational nearly a year later. I haven’t heard that from victims who paid the ransom.

Data Exfiltration Is a Huge Worry Now

Over 70% of ransomware now exfiltrates a victim’s confidential data, files, logon credentials, and email before launching the encryption process. Most ransomware gangs spend weeks to months surveilling the victim, reading C-Level emails, and trying to figure out the “crown jewels” of the organization. Then they steal the confidential information and threaten to release it publicly, or to hackers, if they are not paid. A backup is not going to save you.

An organization’s vital, confidential data is released all the time. It happened to DC Metro police recently. The ransomware group got mad because the victim’s initial negotiation amounts were too low. The ransomware group released the vital information on recent police recruits (including their personal identifying information) and internal reports with confidential information I am sure the police would not want released.

Ransomware gangs just want to get paid. They will do whatever they can to the victim…encrypt files, denial-of-service attack them, steal and post information, attack their employees, attack their customers, attack their partners…whatever it takes…to get the victim to pay. Every ransomware group would be glad not to have to do any of these things if it meant they would be paid. They are also just as willing to cause as much pain and embarrassment as possible to get paid. And if you don’t pay, they will make it as painful as possible as a lesson to the current and other victims.

And when they attack your employees, customers, and partners, they let them know that the only reason they are attacking them is because the original victim didn’t pay. They say the original victim didn’t care about them and their data enough to stop the ransomware attack and didn’t care about their personal information enough to pay the original ransom. It must cause some reputational issues with the original victim.

What ransomware is doing beyond just encrypting files isn’t new. The new class of ransomware, which I dubbed Ransomware 2.0, started showing up in November 2019. I first wrote about these issues on January 7, 2020. The only thing that has changed is the percentage of ransomware that deploys these additional tactics. Today, it’s over 70% of all ransomware, and it’s likely far higher than that. Heck, if all ransomware does is encrypt your files when it goes off, consider yourself “lucky”.

If you want to learn more about what ransomware is doing today beyond just encrypting files you can watch my webinars here.

Less Likely to Be Hacked by the Same Group Again

One of the biggest questions I get about ransomware is whether the ransomware group will hack the victim again even after they pay the ransom. After all, they are criminals; who can trust them? Well, if ransomware criminals re-attacked the victims that paid them, no one would pay them. It’s in the ransomware group’s own best interests not to re-attack the same victims after a ransom has been paid. In fact, most ransomware groups keep track of who has paid the ransom and purposefully avoid them. I’ve heard of victims being re-hit by the same group, complaining to the group that they already paid the ransom, and the ransomware group helping to quickly unlock their files.

Conversely, I’ve heard of a lot of victims who didn’t pay the ransom who were hit again by the same group, but the second time is always much worse – more servers encrypted, more damage, more pain, higher ransom request.

And this is not to say that some victims that paid the ransom don’t get hit again by the same ransomware family. There are unscrupulous ransomware gangs who have no “thief’s honor code”. But it happens more often because the ransomware is being used by multiple “affiliates” and another affiliate accidentally hits the same victim again because they entered through another IP address or business unit of the same company that wasn’t on the ransomware group’s “do not target again” list. Mistakes happen. And once the group has successfully hit a victim, again or not, some don’t back down. But it’s clear that the victims that do pay the ransom are usually not hit again by the same group.

What happens far more often is that a victim pays the ransom to one ransomware group and is then, weeks or months later, hit by a completely different ransomware group because they did not get secure enough to keep other groups out. You must close all your vulnerabilities if you want to stay secure. Paying the ransom is not a “Get out of Jail Free” card that all the other ransomware groups will respect. Paying the ransom only gives you that “right” within the same ransomware group. Most victims who pay the ransom will not be hit again by the same ransomware group. That’s the best we can say.

Paying the Ransom Is a Business Decision

Paying the ransom or not is usually a business decision. It even involves figuring out whether it is legal to pay the ransom to the group requesting it under your country’s laws. It is not to be taken lightly. But paying the ransom is about far more than getting a decryption key. You should have already decided ahead of time, before you are hit by ransomware, whether you will pay the ransom. That’s a senior management and legal decision. But make sure they understand all the facts and ramifications so they can make the best decision for the organization.

Your Only Defense Is Prevention

It is clear that a good backup and even paying the ransom will not protect you if you get hit by ransomware. Your only defense is to prevent it from happening in the first place. It can be done. Organizations do prevent ransomware from getting a foothold in their organization. How do they do it?

First, they focus on the key methods that hackers and malware use to get into most organizations. That means fighting social engineering, better patching, and good password policies. Fighting these three things will do more to prevent ransomware attacks than everything else. Heck, just getting far better at fighting social engineering will reduce more cybersecurity risk to your organization than anything else you can do. Social engineering and phishing are the number one way that most organizations get compromised by cybercriminals, but most organizations do not focus their mitigations as if that key fact were true.

You need to use your best combination of layered defenses, including policies, technical defenses, and controls, to prevent your organization from being compromised by social engineering and phishing. How can you do that? Glad you asked. You can download KnowBe4’s Comprehensive Anti-Phishing Guide here.

You can download KnowBe4’s Ransomware Hostage Rescue Manual Guide here.

The password policy you should be using is here.

We are in a terrible era where hackers, malware, and especially ransomware are running amok. It is going to be many years before it starts to get under control. It’s going to take not only better defenses, but a very tough-to-surmount geopolitical agreement. Ransomware will not get under control until the countries that give cyber safe havens to these types of criminals are forced to crack down on them. That is not happening anytime soon.

Till then, your best defenses are to fight social engineering with renewed vigor, patch better, and have a good password policy. Doing far better at these three things will do more to significantly reduce your exposure to ransomware than anything else you can do. Prevention, not backups, is the key. Make sure management is aware of the changes in ransomware and how data encryption is not the only threat. Management needs to be aware of what paying or not paying the ransom means so they can make their best decision.

As always, fight the good fight!

Credit given to Roger Grimes and The KnowBe4 team


A New Smishing Trojan is Out and About

Researchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install a phony, malicious version of Google Chrome. The victims are also asked to enter their payment details, which are sent to the attackers.

“Our team has come across an advanced mobile attack campaign that uses a phishing technique to steal victims’ credit card details and infects them with a malware that impersonates the Android Google Chrome app,” the researchers write. “The malware uses victims’ devices as a vector to send thousands of phishing SMS. Pradeo’s researchers qualified it as a Smishing trojan. By combining an efficient phishing technique, a malware to propagate actively, and methods to bypass security solutions, this campaign is particularly dangerous. We evaluate that the speed at which it is spreading has enabled it to already target hundreds of thousands of people in the last weeks.”

The malware spreads via smishing messages sent from infected phones, which racks up victims’ phone bills.

“Independently, once installed, the fake Chrome app sends more than 2000 SMS per week from its victims’ devices, every day during 2 or 3 hours, to random phone numbers that seem to follow one another,” Pradeo says. “This mechanism ensures a successful propagation of the attack campaign. To stay undetected, the malware hides on mobile devices by using the official Chrome app’s icon and name, but its package, signature and version have nothing in common with the official app. For victims, banking fraud and massive phone bills may ensue.”
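The sending pattern Pradeo describes, thousands of messages per week in two-to-three-hour bursts to numbers that follow one another, is itself a detectable signal for whoever holds the SMS logs (a carrier, or an enterprise with managed devices). The block below is an added example of that detection, not Pradeo’s code: it groups constructed send records per device, finds the busiest three-hour sliding window, measures how often consecutive targets differ by exactly one, and flags devices that exceed both thresholds. The log format, the `BURST_THRESHOLD` and `SEQ_FRACTION` values, and the phone numbers (fictional `555` range) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

WINDOW = timedelta(hours=3)   # Pradeo describes bursts lasting two or three hours
BURST_THRESHOLD = 50          # sends per window no person produces (assumption)
SEQ_FRACTION = 0.5            # share of consecutive targets differing by 1 (assumption)

# Assumed record format: "<ISO timestamp> device=<id> to=<number>"
LINE_RE = re.compile(r"^(\S+) device=(\S+) to=(\S+)$")


def parse_events(lines: List[str]) -> Dict[str, List[Tuple[datetime, str]]]:
    """Group send records per device, sorted by time; malformed lines are skipped."""
    per_device: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, device, number = m.groups()
        per_device[device].append((datetime.fromisoformat(ts), number))
    for events in per_device.values():
        events.sort()
    return per_device


def max_in_window(times: List[datetime], window: timedelta = WINDOW) -> int:
    """Largest number of sends inside any sliding window (times must be sorted)."""
    best = j = 0
    for i in range(len(times)):
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        best = max(best, j - i)
    return best


def sequential_fraction(numbers: List[str]) -> float:
    """Fraction of consecutive targets whose digit strings differ by exactly one."""
    digits = [int(re.sub(r"\D", "", n)) for n in numbers]
    if len(digits) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(digits, digits[1:]) if abs(a - b) == 1)
    return steps / (len(digits) - 1)


def assess(lines: List[str]) -> Dict[str, dict]:
    """Per-device burst size, sequential-target ratio, and a combined verdict."""
    report = {}
    for device, events in parse_events(lines).items():
        times = [t for t, _ in events]
        numbers = [n for _, n in events]
        burst = max_in_window(times)
        seq = sequential_fraction(numbers)
        report[device] = {
            "max_sends_per_window": burst,
            "sequential_fraction": round(seq, 2),
            "suspicious": burst >= BURST_THRESHOLD and seq >= SEQ_FRACTION,
        }
    return report


# Constructed log: phone-A behaves like the trojan, phone-B like a person.
_start = datetime(2021, 6, 1, 9, 0, 0)
SAMPLE_LOG = [
    f"{(_start + timedelta(minutes=2 * i)).isoformat()} device=phone-A to=+1555010{i:04d}"
    for i in range(60)
] + [
    f"{(_start + timedelta(hours=5 * i)).isoformat()} device=phone-B to={n}"
    for i, n in enumerate(["+15550108871", "+15550103302", "+15550107415",
                           "+15550100026", "+15550109983"])
]

if __name__ == "__main__":
    for device, verdict in assess(SAMPLE_LOG).items():
        print(device, verdict)
```

Requiring both conditions keeps a legitimate bulk sender (high volume, random recipients) and a person replying to a group thread (few messages) below the line, while a device walking through a number block trips it in its first burst.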

The researchers stress that users should constantly be on the lookout for unsolicited messages asking for sensitive information.

“Mobile users should never provide credit card details when it is requested by an unknown sender,” Pradeo concludes. “If uncertain of the source of the request, they should consult their package delivery with the tracking number provided by the carrier, on the official app or the website. Besides, they should exclusively download apps from official stores (Google Play on Android and the Apple store on iOS) and always update them from there.”

It’s a self-propagating scam with a few revenue streams, starting with the chickenfeed charged to release the package-that-isn’t and progressing through various forms of fraud. New-school security awareness training can help your employees recognize social engineering attacks.


Student’s Attempt to Pirate Software Leads to Ryuk Ransomware Attack

Bleeping Computer recently reported that a student attempted to pirate expensive data visualization software, which resulted in a Ryuk ransomware attack.

We’ve seen pirated software used in the past to distribute STOP and Exorcist ransomware, cryptocurrency-related malware, and information-stealing trojans. But this incident takes such attacks to a whole other level.

A student’s laptop was compromised after the student searched for data visualization software to install at home. Instead of buying a legitimate license, the student searched for a cracked version and downloaded it, which infected the laptop with an information-stealing trojan. Among the data it stole were the credentials the Ryuk cybercriminals later used to log into the institute.

Ryuk ransomware is not to be messed with. We covered a story a few months ago about a Ryuk strain with a worm-like capability that lets it spread across devices on a Windows LAN, and the ransomware-as-a-service gang has only gotten more tactical in its schemes.

Unfortunately, this will not be the last time a user downloads cracked software. Continual user education is essential to keep phishing and ransomware attacks from succeeding against your organization in the future. New-school security awareness training can ensure your users are up-to-date on the latest attacks.


Ransomware Operators Threaten to Short Victims’ Stocks

The Darkside ransomware operators are now offering to tip off unscrupulous stock traders before they post the names of publicly traded victim companies, the Record reports. The criminals believe this will put more pressure on the victims to pay up. Recorded Future’s Dmitry Smilyanets told the Record that this is the first time a ransomware crew has explicitly made this part of their strategy.

“While other ransomware families previously discussed how to leverage the effect of a publicly disclosed cyber attack on the stock market, they have never made it their official attack vector,” Smilyanets said. “DarkSide becomes the first ransomware variant to make it formal.”

Allan Liska, also from Recorded Future, said that criminals are adapting to victims being less willing to pay ransom. A similar phenomenon occurred over the past two years when ransomware operators began stealing data and threatening to release it if the ransom wasn’t paid.

“We have anecdotal evidence that fewer people are paying ransom, which means ransomware actors have to find new ways to extort money from victims,” Liska said. “We saw that with threats of DDoS attacks last year but those didn’t really seem to work so they are looking for other ways.”

Liska is skeptical that this new technique will be effective, tweeting that “most companies don’t take a noticeable hit in their stock price after a ransomware attack – at least not long term.”

The Record also notes that “any large short bets are most likely to be picked up and investigated by the Securities and Exchange Commission or other regulatory bodies, and not many traders are likely to take up Darkside’s offer for such minimal gains and maximum regulatory risks.”

Cybercriminals are constantly changing their techniques to increase the success of their attacks. New-school security awareness training can give your employees an essential layer of defense against ransomware attacks by teaching your employees how to recognize social engineering attacks.


The Darkside Ransomware Group Is the Dangerous Poster Child for Today’s Ransomware-as-a-Service

Looking beyond the “older” RaaS threat groups like Ryuk, DoppelPaymer, and REvil, today’s modern ransomware-as-a-service operator is far more business-like and specific in execution.

This now nearly 5-year-old cyberthreat model empowers just about anyone who wants to be a would-be cyber-thug to jump in and use very powerful and sophisticated tools to accomplish what previously only those with extensive development backgrounds could achieve. Most news stories focus on the more “successful” ransomware families, but a new article from cybersecurity vendor Avast showcases Darkside (a spinoff of REvil from back in 2020) – and it’s worth a read.

The newest trend in ransomware attacks is specificity: industry verticals, business sizes, victim titles and roles, social engineering themes and TTPs – and Darkside has them all.

According to Avast, Darkside is a great representation of the modern ransomware threat group:

  • They refine their victim target list, looking for the greatest ability to pay large ransoms
  • They do a ton of diligence on who to target and customize delivery for each attack
  • Their approach to operations is far more corporate-like than a bunch of developers that built some affiliate-friendly ransomware and posted it to the dark web

The fact that a cybercriminal organization like this exists is troubling; the more organized the bad guys get, the more likely their chances of successfully attacking your organization. And with the added “as a service” factor, this concern should be multiplied ten-fold.

Remember, one of the most effective ways to thwart ransomware attacks using phishing as the initial attack vector is through Security Awareness Training which empowers users to identify suspicious email content before interacting with it, stopping the attack in its tracks.


Currently Popular Social Engineering Tactics

Criminals are exploiting new technology to launch updated versions of old attacks, according to Derek Slater at CSO. George Gerchow, CSO at Sumo Logic, told Slater that threat actors are sending spear phishing emails that impersonate real employees within the organization.

“It’s not easy to defend what you can’t see, and you are only as strong as the weakest link,” said Gerchow. “For example, there have been a plethora of targeted emails coming in that look like they are from your trusted partners but are in fact bad actors posing as employees you may know within your network.”

Gerchow added that attackers are putting more effort into making their social engineering techniques extremely convincing.

“Now we see these long, sophisticated attempts to build trust or relationships with some of our outbound-facing teams whose entire job is to help,” Gerchow said. “The bad actors have even posed as suppliers using our product with free accounts and have gone through use cases and scenarios to engage expertise within our company.”

Oz Alashe, CEO of CybSafe, told CSO that some attackers exploited the pandemic by sending malicious versions of remote work and collaboration tools.

“The threat actors send over a Visual Studio Project containing malicious code,” Alashe said. “The user self-runs the program, and their device is infected pretty quickly. This attack essentially exploits the desire or need to assist or help others with passion projects.”

Privacy expert Rebecca Herold told CSO that text message scams are also growing more widespread.

“We are becoming a society where a large portion of the population prefer communicating via text messages as opposed to phone,” Herold said. “People are now extremely used to communicating very confidential types of information via text.”

Gerchow concluded that training is an essential component of a comprehensive security posture.

“Training, awareness, self-reporting, and transparency will be the only way to scale security around these attacks,” Gerchow said. “Security needs to be approachable and of course, log everything.”

New-school security awareness training can create a culture of security within your organization and enable your employees to thwart social engineering attacks.
