Black Friday is Phishing Friday for Cybercrime

As employees around the world look forward to Friday and the imminent weekend, so it seems do the scammers, hackers and cyber-gangs. 

Research out from Cyren shows Friday is the peak distribution day for spam and malware, with almost 4x more malware than Mondays. The theory is that when employees take their laptops home over the weekend, they no longer benefit from the security measures put in place by their employers. Protection that only functions when behind a firewall on the company network.

Friday is the peak day for spam and malware.
Friday is the peak day for spam and malware.

Black Friday – the now global fraud phenomenon following Thanksgiving in the US – is set to be worse still, as vast numbers of employees begin their online festive shopping.

As employees click links in email, open attachments and surf the web unprotected via public unsecured Wi-Fi or their home network, they allow malware onto their machines that can then make its way onto the wider corporate network when they logon on Monday.

By then it could even be too late. With the mean time-to-click on a phishing email being 1 minute 22 seconds according the latest Verizon Data Breach Investigations Report, an attack could have already been successfully executed before the weekend is even over. Employees may have already had their credentials harvested, or been duped into giving away other valuable IP or data for sale or extortion.

So how can cybersecurity pros overcome the challenge of Monday morning security alerts and attack containment? With the right security measures in place, organizations can ensure that laptops along with tablets, cell phones and other devices, are protected both on and off the network. With 95% of breaches starting with an email-based phishing attack, ensuring appropriate email security is in place is a logical place to start.

So what kind of protection is needed? Cloud-based email security provides the most up-to-date defense against constantly changing threats. It allows protection to follow the employee across all devices no matter where they connect or access work email.

Email-borne attacks typically use malicious URLs or weaponized attachments to deliver their malware payload, so protecting both these vectors is key. Link rewriting with real-time, on-click analysis is the best form of defense against links that point to malicious web content. A system should always rewrite all inbound links and check the destination site every time the link is clicked to protect against delayed exploits.

Weaponized attachment-based attacks are best halted by the latest cloud-based sandboxing technology that delivers deep inspection of files. The sandbox must also be able to detect the sophisticated evasion techniques increasingly used to try and bypass sandboxes.

There’s another option here too in the form of attachment transcription to a safe file format. For example, a Microsoft Word document with a malicious macro is converted to a safe PDF format, a process that removes the malicious code. This alternative to traditional sandboxing means emails and files are delivered to recipients without the typical delay of a sandbox, and is arguably a more thorough process that is not susceptible to evasion.

Email-based security protection should be paired with web security to extend reach beyond email too.

Cybercriminals that write and distribute malware work and operate like businesses too, ‘shipping’ their code before they pack up for the weekend and watch employees fall victim to their exploits. By taking precautions like those we’ve described, and continuing to make employees more vigilant and aware of what to look out for, your organization will be better protected against potential ‘weekend weaknesses’.

You can learn more about advanced email attacks in our recent whitepaper: Countdown to Compromise: The Timeline of a Spear-Phishing Attack.

Find out more about Mimecast Email Security with Targeted Threat Protection against both URL and attachment based attacks on our website.