Three Take-Aways from This Month’s Phishing Attack on Turkish Financial Institutes

This month's cyberattack on selected Turkish financial institutes hasn’t come as a surprise to many security officers.
These kinds of attacks have become more common, but by looking at this event as an example, we can gather some actionable insights into phishing prevention that apply to many other industries:
1. Hackers’ quick response to developing new malware: The malware in this attack leverages a vulnerability in Adobe Flash.
The vulnerability was publicly identified at the end of January, which implies that hackers worked quickly to exploit the flaw by developing specific malware.

First Takeaway – Hackers will find an unpatched system and will be able to deliver an undetected payload. The only viable defense is changing the way users react to phishing attacks, and allowing employees to compensate for the head start hackers have when using zero-day exploits.

Second Takeaway – Respond quickly, adapt your training efforts, and promptly respond to market threats. By taking a real-time phishing attack and integrating it into your continuous training efforts, you can protect your organization from similar attacks and keep your employees engaged and ready for future attacks.

2. Phishing is THE vehicle: Hackers lure their targets with spear-phishing emails containing information on relevant and intriguing subjects, making automated detection more difficult. In this attack, the attached file was named Agreement.docx and its subject line was cryptocurrency. Sent to financial institutions, these kinds of emails are meant to arouse less suspicion among both filtering systems and end users.

Third Takeaway – Help employees become part of the solution, not the problem. Over 90% of cyber attacks use phishing as the primary way to reach and enter an organization’s internal network. Reducing risk from phishing now will reduce future attacks. In 2018, phishing prevention is a must. Cover your bases to make sure that your employees know what to do when they receive suspicious emails.