Ransomware attacks are a huge issue today, and one of the reasons is that malicious actors are finding a way through security defenses to penetrate systems. In most cases, the way they are getting in is through a successful phishing attempt.

Cybersecurity researchers at FortiGuard Labs have seen a noticeable uptick in the sophistication of phishing attacks, a troubling development given the recent impact of ransomware exploits on energy supplies and basic commerce.

“Every attack seen in the last 16 months usually has a phishing component, and over the last couple of weeks we’ve seen some really sophisticated attacks,” said Aamir Lakhani (pictured), cybersecurity researcher and practitioner at FortiGuard Labs. “These are attacks against industrial control systems, against critical infrastructure, against large corporations and government entities. Attackers are going back to the well and making it more effective and more sophisticated than it ever used to be.”

Lakhani spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed techniques used by bad actors to breach systems and what users can do to protect themselves and their organizations. (* Disclosure below.)

Targeting HR functions

One of the ways the attacks have become more sophisticated is by playing on the emotion and speed of the user. Many people are conditioned to multitask by using different platforms and technologies, moving through multiple websites and clicking on links throughout the day in an online blur.

When coupled with a post-pandemic world where many people are either looking for jobs or businesses are looking to staff up again with some urgency, the situation is ripe for mistakes to be made.

“Now they are actually targeting organizations and what you do as a job,” Lakhani said. “I’ve seen phishing attacks against Human Resource departments. ‘I want to apply for a cybersecurity position and, by the way, my resume is encrypted so please click on this link to see a secure version.’ In reality, when they click on that button, it’s attacking their machine and getting into their organization.”

To protect against this tidal wave of phishing attempts, Lakhani advises that people slow down the pace and check links more carefully. Up-to-date security tools and training in what to look for can be an asset as well. Fortinet makes over 30 of its self-paced courses available for free and plans to continue this beyond 2021.

“The thing we can do to protect ourselves is to slow down,” Lakhani advised. “Make sure your security products are up to date, make sure they are installed, and make sure your patches are current. Training opens up your eyes to understand it’s more than about emails; it’s about every way we can use technology.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE