In the aftermath of the Colonial Pipeline cyber attack, many businesses are reevaluating their security protocols and implementing new procedures to help them recognize and respond to ransomware attacks. While not all attacks can be prevented, minimizing your exposure and recovering quickly is key to protecting your business’s data and reputation.

What is an Account Takeover (ATO)?

Ransomware attacks like the one used against Colonial Pipeline are increasingly common and surprisingly easy to execute. Hackers use social engineering tactics to execute an account takeover (ATO). A common type of ATO attack is Business Email Compromise (BEC), which involves using deceptive tactics to gain control of an email account, often for the purpose of extorting funds or sensitive information. The attackers start by trolling public profiles of company employees, sifting through their Facebook or LinkedIn pages to find personal information such as birthdays, spouse’s and children’s names, and affiliations. Then, they send a deceptive email to a target to phish for the employee’s login credentials. Once the cyber criminals establish control of the employee’s email account, they set up masking and forwarding rules to hide their email activity in the compromised account, and work to gain control of the company’s computer systems.

Another way hackers gain access to systems is by sending a legitimate-looking email that prompts the recipient to click a link. After clicking, malicious software is installed on their computer without their knowledge. Once the employee’s computer is compromised, cyber criminals can track activity and gain access to the company’s computer systems. In the case of ransomware attacks, the perpetrators can restrict a company’s access to proprietary data and threaten to publish or destroy the information unless the ransom is paid. Mitigate the risks posed by ATO and ransomware attacks by ensuring you have sufficient employee training and security protocols in place.

Educate Employees on ATO

Since ATO attacks hide behind the appearance of a legitimate email account, they are notoriously difficult to combat. As savvy cybercriminals invent new ways to execute account takeovers, companies should proactively educate employees on how to recognize this threat to minimize costly fallout. 

ATO attacks often involve communication between two companies, such as a third-party vendor and the business it serves. As an example, a hacker may compromise a vendor employee’s account, impersonate the trusted contact via email, and attempt to gain information to breach the target company’s computer system. In many cases, there is no perceptible difference between an authentic communication and one sent after an account takeover; the phishing email appears to come from the vendor’s email address.

Certain security protocols can help reduce this risk. Educating employees on your established email security practices is a necessary part of preparing your company for potential attacks. Chapters of professional societies and industry associations often hold seminars and trainings on these topics. Also consider seeking professional IT consulting services to establish a formal, ongoing security training program for employees.

Establish and Monitor Best Email Security Practices

In addition to a strong employee training program, manage your risk by implementing the most up-to-date email security systems and performing ongoing monitoring for threats.

Keep in mind that legacy email security tools, such as DMARC, DKIM and SPF systems, rely on known attack signatures to recognize potential attacks, so they are not the best suited for detecting ATO attacks that impersonate a trusted email account. Implementing a preventative measure such as multi-factor authentication (MFA) is one potential solution. The best course of action is to consult with an IT security expert about the right email security tool for your business and how to strengthen your email security protocols.

While shoring up your defenses in house, be on the lookout for potential cybersecurity threats to arise in your extended network, too. To avoid unnecessary risk, it’s important to work only with vendors and other third parties that take security seriously and mitigate risks with appropriate email security solutions, policies, and procedures. 

Investing in email security now will pay off in the long run, particularly as ransomware, social engineering and ATO attacks become more widespread in our digital age. Secure systems mean less time and resources wasted managing breaches and more confidence in your brand.

Enlist the expertise of TeamLogicIT for help administering a cybersecurity education program, reducing your ATO exposure, and responding to any security concerns that arise.