MSPs are all too aware that online threats are growing at a ferocious rate, and they clearly understand the importance of using next-generation endpoint protection solutions to combat today’s daunting volume, variety and velocity of new cyberattacks. Of course, the technicians employed by these MSPs also know to exercise caution when confronted with suspicious emails, online ads and the like to avoid becoming victims of a malware attack.
Unfortunately, that degree of caution is less commonplace in the general public, not to mention in the typical MSP’s clientele. In a wide-ranging conversation between Webroot Senior Threat Research Analyst Tyler Moffitt and Penton Technology analyst Ryan Morris, the topics included ransomware, a concept Moffitt dubbed “the savvy index,” and how cybercriminals are specifically targeting less technically adept end users.
After discussing the growing role of zero-day exploits in delivering ransomware payloads, Morris asked Moffitt, “Within your research, are you seeing any trends in terms of the kinds of businesses that are targeted by ransomware, the kinds of users that get into it and who needs to be paying attention to this?”
Moffitt’s response revealed a troubling sophistication in the targeting strategies employed by current cybercriminals; “Frankly, all businesses are susceptible to phishing as a threat, which ultimately leads to ransomware, but, yes, we do have some trends. In fact, we recently came across a surprising one in the technology sector. Yahoo has now displaced Google as the No. 1 target for phishing, which is odd because there are obviously many more Google users than Yahoo users. But I'm guessing that there is an index among these malware authors, determining whether a given malware target has savvy users.”
He went on to explain, “They know that Yahoo users probably don’t score as well on the 'savvy index’ as Google users, on average. Of course, there’s a spectrum for both, but they realize a higher percentage of Yahoo people may fall for phishing attacks. So the malware authors are just going to trawl the pool where they’ll get the highest number of bites.”
This phenomenon of phishing the most vulnerable pools crosses into other market sectors, as well. Moffitt pointed out, “In the financial industry, we saw Wells Fargo just recently become the No. 1 target, displacing PayPal, which has always held the top spot. The malware authors have obviously determined the savvy index for Well Fargo customers is lower than that of Paypal customers, and, as a result, they’ve trended toward targeting Wells Fargo patrons.”
What’s more, cybercriminals are even applying this “savvy index” principle to their selection of social media victims, according to Moffitt. “Facebook has been the No. 1 target for social networking, and LinkedIn second; it’s been that way for years. But just recently, we noticed Christian Mingle has, for some reason, become second. I’m guessing malware authors had an index that showed a lot of Christian Mingle users are vulnerable to phishing attacks, so they’re now the second-most-phished social networking site.”
The implications of this targeting trend are particularly compelling for MSPs, who are constantly challenged to protect their clients. As Morris observed, “The savvy index is a very important concept, and I'm interested in all the ways we can apply it to the sophistication of our customers at an organizational level, or even down into the individual users. The guys in the IT department probably aren’t going to click on things that are inappropriate, but if we get into sales, if we get into customer service, a call center, a very large volume of less-savvy technical users across different end customer organizations, there’s an entirely new dimension of vulnerability.”
To help combat these more focused attacks, MSPs like you should proactively teach your customers how to foil phishing schemes—not opening emails from unknown senders with attachments or links, knowing how to spot suspicious emails even when they look like they’re from known senders, etc. The bad guys are becoming increasingly adept at targeting technically challenged users, so boosting your clients’ “savvy index” is more important than ever!
Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk free trial. You don’t even have to uninstall existing security. Want to learn more about how Webroot partners with MSPs to delight customers, lower costs, and boost profits? Learn more.
Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.