Recent research reveals that ransomware hackers are increasingly impersonating big brand technology companies to breach enterprise networks. Specifically, those impersonated are often application providers such as Microsoft, with attackers masquerading as recognizably branded partners to phish unsuspecting SMB victims. Digital service systems – namely PayPal – that have expanded into the B2B space are also quickly gaining on and even surpassing many business suites as the vehicle for phishing malware.
Top Brands Used for Impersonation Phishing
Speaking to PYMNTS, Chief Solution Architect Adrien Gendre of Vade Secure claimed that hackers mimicking trusted brand names highlights a growing trend among phishing. Cybercriminals have historically relied on the mixture of faith and compulsion potential victims have when responding to messages that proclaim to represent a recognizable service. This can include a big corporate name as well as a government agency, the latter of which often generates an even greater urgency to respond.
According to Vade Secure, Microsoft saw the most popularity for being impersonated in Q4 2019, but PayPal saw the biggest increase overall last year. Given that the platform has extended its services into the B2B market, cybercriminals can take advantage of the decreased scrutiny for wire transfer or account credential requests. However, Microsoft’s sudden surge correlates with a similar ransomware rise and may also result from Office 365’s potential as a vehicle for malware, meaning that a data breach can grant control of a network to a smart hacker.
Business Email Compromise Used for Ransomware
Ransomware became the most commonly reported malware threat in 2019, and is expected to turn even more dangerous in 2020. Though trends have varied between frequency and ransom volume, there have been more and more cases of targeted spear-phishing campaigns used to deploy malware, especially ransomware. The evolution of breach, infection and ransom payment models seem to reflect a significant growth among hacker circles – in other words, some have gotten smarter about how they work.
Given that in 2018 business email compromise (BEC) was successful more often against employees of smaller companies, SMBs will likely face new phishing campaigns in the near future. The potentially crippling costs of downtime combined with lack of access to serious cybersecurity resources makes smaller businesses much easier targets for hackers. Compared to the damages from exposed data and unusable networks, whatever ransom they ask for will probably seem reasonable to the victim.
Watch Out for More Ransomware Threats in 2020
Ransomware infections increased by 41 percent in 2019, according to the New York Times. While phishing and business email compromise are not new, the network breaching possibilities are being increasingly leveraged by enterprising hackers that see a golden opportunity to make easy money.
Download our latest Ransomware Report to learn which trends to watch out for and how to better protect your vital data.