The Colonial Pipeline ransomware cyberattack in May of 2021 was one of the most significant ransomware attacks on a United States-based company ever. The cyberattack infiltrated the internal computer systems of the Colonial Pipeline Company, and as a result, the company halted all operations to try to contain the attack – causing people to panic buy gasoline and a regional emergency declaration for 17 states and Washington DC. With the help of the FBI, Colonial Pipeline ended up having to pay 75 Bitcoins or 4.4 million dollars (kinda kicking myself for not investing in bitcoin when I had the chance, honestly) in ransom to get their systems back online and get fuel moving again.
Cybersecurity and all the terms that go along with it can be really confusing, especially with words floating around like ransomware, malspam, malware, Trojan horse, bots, and more. So, I asked our Vice President of IT, Brian Prichard, for a little more insight into the matter and advice on how you can protect yourself and your business from these sorts of attacks – because big companies aren’t the only ones getting targeted.
According to Brian, being knowledgeable about how you could be opening yourself up to these viruses is the most important factor and is key to the prevention of these types of attacks – after all, the most common method to spread malware is through email – and that’s where the weakest link in information security comes into play: human error.
First, let’s go over some of the more common, everyday terms you might hear.
- Malware is software designed to interfere with a computer’s normal functioning. Sort of a catch-all term for anything malicious that could “infect” your computer. Example: You click on a link someone sends you, and you suddenly get a million NSFW popups, and you can’t use your computer… that’s malware.
- According to HP.com, viruses cost over $55 billion worth of damage each year. Viruses self-replicate by inserting their code into other programs and corrupting everything, rendering it useless.
- In school, you probably learned about the famed Trojan Horse that the Greeks used to enter Troy during the Trojan War. A Trojan Horse, in computer-related terms, is essentially the same thing – it is a piece of malware that disguises itself as another program to gain access to your computer. Once inside, it then gets to work. Ransomware is the most common type of malware delivered by a Trojan Horse.
- As you’ve probably already guessed, ransomware is a type of malware that encrypts files on a device and renders any files, and the systems that rely on them, completely useless. The individual or organization that initially placed malware on a device will demand a ransom to decrypt that device. Ransomware is the latest most popular threat and is quickly becoming the most lucrative – meaning it’s not going away anytime soon. Hacker groups are most likely to use ransomware to get what they want: money.
- Some other types of malware might include:
- Adware – Popups! They automatically display or download often unwanted advertisements.
- Spyware – Software that secretly records information about another person or organization’s activities on their computer. Spyware is used to steal information like credit cards, social security numbers, passwords, and more.
- Worms – Worms replicate themselves to spread to other computers – they do this to deliver malicious software, delete or corrupt files, or even just replicate itself enough that it takes up hard drive space and bandwidth.
- Rootkits – Like spyware, rootkits are a tool that allows hackers or other unauthorized users to gain control of your computer without being detected.
- Backdoors – Used to secure access remotely to a device, backdoors will bypass encryption on a computer.
Recognizing Fake Emails
Remember what Brian said about email? Malware Spam, or Malspam, is a spam email that delivers malware – and is typically the most common form of delivery for these types of programs to get into your system. Usually, these include infected attachments, phishing messages (messages usually with links looking for you to enter your username and password on a fake website), or malicious URLs. You can even receive malspam through an unsecured, infected website (you can tell if the website you’re visiting is secure or not by checking to see if there is a little SSL certificate lock icon next to the web address – all SAGE websites have one!), removable devices (like a USB), downloading suspicious files, and downloading infected pieces of software.
In fact, malspam is getting so sophisticated, it’s getting tricky to see what it looks like! So, I pulled a few examples from my own personal email to show you.
This is my junk inbox – beyond our regular inbox borders, we must never go there, Simba. As you can see, there are some obvious phishing emails in here – like the ones with different characters in the subject line or fancy font. But let’s take a look at this one from Venmo – it looks innocent enough from the subject line (and who doesn’t want $500?).
Inside, we can see that something is definitely weird – the formatting is off, it looks like it was optimized for a desktop rather than my phone. Let’s take a closer look to see how we can tell that this is a fake email.
The first thing that I notice (and maybe that’s because I write for a living!) is that the spelling and grammar are incorrect in a few spots; the biggest ones are that both “congratulations” and “here” are misspelled. There is also inconsistent capitalization and punctuation – Venmo is a very large company; they will ensure that their grammar and spelling are correct before sending out an email like this.
The next red flag is where it reads “this message was sent from a trusted sender” at the top – this is most likely to trick whoever opens this email into a false sense of security. I know, however, that most applications, whether it’s Outlook, Gmail, or Apple, will not have this at the top of their emails – if they do, it will not be in the body of the email.
Lastly, and maybe this is just me being weirdly observational – but typically, in an email like this, the header would not have the name of a large company just typed out – they’ll have an official logo.
But what if we’re not sure about an email – because it looks legit? We can check the email address. In this case – once we go into the contact page, we can see that this is definitely not an email from Venmo. An official email from a legitimate company would absolutely not have a string of random numbers and letters as their email address or domain.
Let’s compare it to a real “money received” email from Venmo. I asked the excellent Caitlin, one of our marketing coordinators here at SAGE, to send me a $1 because while I have Venmo, I don’t actually use it all too often. But we can already see a big difference in the subject lines. For starters, there is more information – like who is sending me money and the time it was sent.
When we open the email, we can see that again, there is a lot more information. Venmo deals with money – so there is a lot of legal jargon and contact information included in this email that’s missing from the fake email. I also didn’t notice until the emails were side-by-side on my computer screen that the shades of blue are different. Of course, the logo at the top of the official email is centered and not just typed in.
When we look at the email address, we can see that it’s not just a stream of numbers and letters but actually does come from an official email.
Additionally, these types of hackers will often use scare tactics and try to trick you into thinking something is wrong with your account, ticket, reservation, or order. Some of these include:
- Bank Websites – They’ll often say your account is in danger of being closed, you received a significant transfer of money and have to confirm (like our Venmo one above), or someone is trying to hack your account.
- Shipping Companies – They will say that your package was undeliverable but will not provide a tracking number. They will usually target around busy shipping times like the holidays.
- Hotels – Since we’re an industry on the go – we book a lot of hotels! These emails might say there is something wrong with your reservation or the credit card used to book the hotel. Speaking of hotels, be wary of using hotel business centers! Business center computers can contain malware – if you have a USB and need something printed off using the business center, that malware can infect your USB and then infect your computer once you plug it back in later.
- Airlines – Much like hotels, nefarious people will send emails suggesting something is wrong with your flight or payment and request you to “use the link below” to update it.
- Retail Websites – Often impersonating big companies like Amazon, Walmart, or Target – these types of emails will tell you that there was something wrong with your payment, your order, or shipping address and ask you to click to update your information.
If you’re still not positive whether an email is real, ask for a second opinion and go to your IT department! If you receive an email like this, the best way to see if it’s legitimate is to physically go to that company’s website yourself by opening up your web browser and typing in the URL manually to log in. Don’t click on any links or buttons in the email itself.
The same goes for opening attachments in emails – if you’re not expecting one, don’t open it. Double-check with the sender that they genuinely meant to send it, and if you’re still unsure – always check with your IT department.
BUT, what do you do if you accidentally click on a link and quickly realize you aren’t sure of the legitimacy of the email? Brian says to shut down your computer immediately and call your technical support – they will know the best way to deal with this sort of situation.
And that’s where we will pick back up for part two of Cybersecurity Awareness, where we talk about prevention, how to speak to your team about cybersecurity to make sure they’re aware of the dangers, and more. Keep an eye out for it right here on the SAGE Blog – subscribe to make sure you don’t miss it!