Why clicking on phishing email links doesn’t always mean imminent disaster


We’ve talked over and over again about just how big of a problem phishing has become. Unfortunately, recent reports suggest that the epidemic is getting even worse. In 2016 alone, the SANS Institute revealed that 95% of all cyberattacks now begin with spear-phishing, the Ponemon Institute reported that 86% of all phishing campaigns/attacks contain ransomware, and just recently the Anti-Phishing World Group (APWG) discovered a 65% increase in phishing attacks compared to the previous year, totalling 1,220,523 events worldwide.

As we have also discussed previously, many organizations have turned to employee training and awareness programs to bolster their defense-in-depth strategy, recognizing humans as the first line of defense, but also the most vulnerable to deception. As such, a recent report from Cybersecurity Ventures predicts that the security awareness training market will reach $10 billion in revenue by 2027, a 900 percent increase from 2014.

Still, employee training and awareness programs are imperfect on their own. After all, IRONSCALES’ entire value proposition is based on the knowledge that an automatic response to analyze, quarantine and immediately remediate suspicious messages is vital to phishing email security. In other words, to reduce risk, the machines need people and people need machines. 

Clicked on a Malicious Message? Don’t Panic…Yet

There are several explanations as to why clicking on a malicious email link does not always equate to complete disaster. Here is a list of some, but not all, reasons that an immediate response to phishing clicks can help reduce the risk of severe damage:

  • Sophisticated malware now often comes with a delayed execution mechanism built in to help avoid dynamic analysis, such as sandbox solutions, which look for malicious patterns and behaviors in an isolated virtual environment. This delay is usually enough time for automatic phishing mitigation, such as IronTraps, to remediate the malicious message before it fully executes its payload.
  • Malware often comes as a lightweight downloader Trojan, a small piece of malware whose purpose is to download the real payload, the real malware, once network or device access is obtained. With automatic response technology, lightweight downloader Trojans can be remediated before they have time to download the payload.
  • Malware often starts by performing reconnaissance. That is, it may simply be injected to study the organization’s network by looking for common services like storage, domain controllers, email servers, etc. In this situation, some time can pass before the malware decides that it is in a “real” organizational environment and injects its venom.

Two other reasons not to panic right away:

  • Most malicious software targets specific endpoint stacks like Adobe 9.7, Win 7 SP3, etc. Therefore, if you aren’t using Adobe and are a Mac user, then you most likely have nothing to worry about.
  • In some situations, the malware infection is determined by a statistical factor that has to do with the computer’s memory at a given time.

Automatic response and phishing mitigation technology is finally being adopted as organizations realize the limitations of relying on people, gateway controls and manual SOC team responses to mitigate risk. However, it’s important for people to understand, if for nothing more than peace of mind, that not every click of a malicious link or download of a dangerous document will end in complete immediate disaster. This is exponentially more true for companies deploying real-time automated response phishing mitigation and remediation technology.

Don’t get me wrong, the situations outlined above are not ideal, and organizations can and should do everything in their power to prevent such events from occurring. The key takeaway, however, is that not every accidental or poor decision made by an employee leads to damage and destruction that is beyond repair. This is especially true for organizations that deploy automatic response phishing mitigation technology that can reduce the time from attack discovery to remediation from days to less than two minutes.

Phishing isn’t going away. In fact, spear-phishing, email spoofing and other forms of social engineering will only get worse before they get better. By partnering with IRONSCALES, not only can you improve your employees’ phishing education and awareness, but you can also elevate their effectiveness and alleviate SOC team burden through automatic response and remediation that consistently gets smarter through machine learning.

So the next time an employee clicks on something they shouldn’t, don’t panic – we have your back!