
May 4, 2024
Ransomware Attack on The Edinburgh Festival Fringe Society

Non-profit organizations are attractive targets for cybercriminals. Constrained security budgets, ageing infrastructure, ideological opposition, and the presence of monetisable personal data all raise risk. The January 2022 ransomware incident at the Edinburgh Festival Fringe Society qualifies as a zero-day malware attack under ITU-T X.1236 (7.1.1). This article reviews that case, maps it to the relevant clauses of the international email-security standard, and outlines proactive countermeasures that non-profits can adopt.
1. Overview
Non-profit organizations are prime targets for cybercriminals for several reasons. First, they often lack the resources to maintain dedicated security teams and operate with outdated technological infrastructure that is relatively easy to breach. Most non-profits face constraints on funding security efforts. Since revenue is typically allocated to advance their core mission, limited budgets remain for maintaining robust firewalls or strengthening IT security systems. This leads to weakened systems, making both information and funds vulnerable to attacks. Adrien Ogée, Chief Operating Officer of the CyberPeace Institute (a Switzerland-based non-profit offering cybersecurity support to NGOs), states, “Non-profits have one of the lowest levels of self-protection within the industry.”
Non-profit organizations also face threats from ideological actors, such as political or extremist entities, beyond financial motives. Due to the diverse philosophies within non-profits, they become targets for threat actors driven by opposition to their ideologies, who seek to disrupt operations. Additionally, valuable resources, billing, and medical data possessed by non-profits are lucrative targets on the black market. Given that every non-profit relies on donors, donor vulnerabilities serve as potential entry points for attackers.
Ransomware attacks on non-profits carry substantial consequences. According to the 2023 UK Government Cyber Breach Survey, 24% of charities reported experiencing a breach or attack in the past 12 months. Beyond the financial implications, these cyberattacks severely affect the operational capabilities of non-profit organizations. Adrien Ogée notes that threat actors are increasingly aware of the significant lack of security funding and support within non-profits. “Non-profits, with their limited ability to protect themselves, are becoming increasingly attractive prey for criminals,” Ogée adds.
2. Attack Case Analysis - Attack Type
To effectively identify phishing emails, understanding various attack types and the intentions of threat actors is crucial, along with implementing proactive security measures outlined in the International Telecommunication Union (ITU)’s international email security standards. These globally recognized standards, registered with the ITU, serve as a credible framework. This analysis examines real cyberattack cases on non-profit organizations based on these international standards and provides insights into identifying attack types and implementing proactive responses.
Case: Ransomware Attack on The Edinburgh Festival Fringe Society in January 2022 - Malware Email Attacks (Zero-day Malware)
In January 2022, the Edinburgh Festival Fringe Society fell victim to a ransomware attack, resulting in £95,000 worth of damage. The attack rendered the organization unable to access critical internal archives spanning 20 years, including HR, financial, media, and marketing records. The ransomware note, attributed to the Russia-linked Conti gang, was delivered via email, demanding $15,000 to regain access to the network. The organization refused to pay, leading to recovery costs of approximately £65,000, with half covered by insurer Chubb. This cyberattack caused severe economic damage, requiring several months for full recovery.
The email security standard categorizes this attack as [7. Threats for targeted email attacks – 7.1 Malware email attacks]. This involves ransomware containing malware that threatens to access, damage, or delete files and programs within the victim’s computer system. Although the standard does not specify whether the ransomware note is delivered through a URL or an attachment, it aligns with the characteristics of zero-day malware.
According to [7.1.1 Zero-day malware], the standard defines this as:
An email sent with an attachment or clickable link carrying malware exploiting zero-day vulnerabilities, making it undetectable by security systems. This malware entices users to click, ultimately gaining access to, damaging, or deleting files and programs within the victim’s computer system.
3. Attack Case Analysis - Solution
People tend to miss details when they are busy, especially when a situation does not look like a significant problem. Asking busy employees to perform a detailed forensic analysis to verify the legitimacy of each email is too cumbersome. So, how can organizations protect themselves from these scams? Effectively countering phishing emails involves analyzing sender information in advance, issuing warnings to users, and proactively responding to potential attacks. This requires compliance with [Security requirements for countering targeted email attacks] and [Countermeasures for targeted email attacks], as outlined in clauses 8 and 9 of the international standard.
First, to effectively respond to zero-day malware attacks, organizations should comply with the security requirements outlined in [8.1.1 Security Requirements for Countering Zero-Day Malware Attacks]. The following steps are recommended:
Step 1: Implement behavior-based analysis to counter new malware threats. This is crucial for detecting viruses not registered in established patterns.
Step 2: Report behavior descriptions of newly discovered or detected malware through manual or automated processes. This reporting mechanism ensures a timely response to emerging threats.
Reflecting these security requirements, organizations can proactively respond to zero-day malware attacks by implementing solutions specified in [9.1.1 Countermeasures for zero-day malware] within the international standard. These countermeasures include:
- Through malware classification management, security administrators can configure the system so that emails verified as carrying malicious files or viruses cannot be delivered, even if users request that such emails be resent.
- Multiple analysis tests detect unknown malware not captured in primary testing, utilizing a combination of static and dynamic approaches. Test results can be categorized as ‘forgery’, ‘memory access’, ‘hooking alerts’, ‘file creation’, ‘file deletion’, or ‘running processes’.
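As an added illustration (not code from the standard or from any product), the Python below merges one static check with constructed dynamic sandbox events into the result categories listed above, emits the behaviour report described in Step 2, and enforces the no-resend rule from the first countermeasure. The event names, the two-category threshold and the `ResendPolicy` class are assumptions made for this example.

```python
import hashlib
import json

# Hypothetical sandbox event names mapped to the result categories listed above.
EVENT_TO_CATEGORY = {
    "ext_mismatch": "forgery", "remote_mem_write": "memory access",
    "api_hook": "hooking alerts", "file_create": "file creation",
    "file_delete": "file deletion", "proc_spawn": "running processes",
}

def static_stage(name, data):
    """Static test: a Windows executable header behind a document extension."""
    if name.lower().endswith((".pdf", ".docx", ".txt")) and data[:2] == b"MZ":
        return [{"type": "ext_mismatch", "detail": "MZ header in " + name}]
    return []

def analyse(name, data, dynamic_events):
    """Merge static and dynamic results into one behaviour description."""
    findings = {}
    for ev in static_stage(name, data) + dynamic_events:
        cat = EVENT_TO_CATEGORY.get(ev["type"])
        if cat:  # events outside the listed categories are ignored
            findings.setdefault(cat, []).append(ev["detail"])
    # Assumed policy: two or more distinct categories means malicious.
    verdict = "malicious" if len(findings) >= 2 else "clean"
    return {"attachment": name, "sha256": hashlib.sha256(data).hexdigest(),
            "findings": findings, "verdict": verdict}

class ResendPolicy:
    """Administrator-side list: verified-malicious mail is never re-sent."""
    def __init__(self):
        self.blocked = set()

    def record(self, report):
        if report["verdict"] == "malicious":
            self.blocked.add(report["sha256"])
        return json.dumps(report, sort_keys=True)  # automated report (Step 2)

    def may_resend(self, sha256):
        return sha256 not in self.blocked

# Constructed sample input, not taken from the incident.
SAMPLE = analyse("invoice.pdf", b"MZ constructed bytes", [
    {"type": "file_delete", "detail": "deleted 120 files under Documents"},
    {"type": "proc_spawn", "detail": "started a child process"},
    {"type": "dns_query", "detail": "not a listed category"},
])
BENIGN = analyse("notes.txt", b"plain text", [
    {"type": "file_create", "detail": "wrote one temp file"},
])
```

Passing `SAMPLE` to `ResendPolicy.record` blocks its hash, so a later resend request for the same attachment is refused while `BENIGN` remains deliverable.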
5. Conclusion
In the digital age, data is as valuable as physical assets. As hacking techniques evolve into increasingly sophisticated forms, awareness and vigilance are crucial in preventing cyber threats. Non-profit organizations, often attractive targets for cybercriminals, must defend against attacks through robust security policies and education on international email security standards. Email security standards offer a comprehensive framework, providing both security requirements and solutions to combat various email attacks. Staying informed about these standards and continuously assessing email security against them is a proactive approach to advanced hacking techniques. Compliance with international email security standards can begin with a diagnostic evaluation through Mail Inspector.
6. References
<Security requirements and countermeasures for targeted email attacks>
https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=15710&lang=en
<Email-based Attacks Against Nonprofits Are On The Rise. Is Your Organization Vulnerable?>
https://blog.techimpact.org/email-based-attacks-against-nonprofits-are-on-the-rise.-is-your-organization-vulnerable
<Ransomware Attacks on Nonprofits: Rarity or Regularly Hidden?>
https://www.asisonline.org/security-management-magazine/articles/2023/07/nonprofit-security/ransomware-attacks-on-nonprofits
<Nonprofit Cyber Attack Case Studies and Solutions>
https://blog.techimpact.org/nonprofit-cyber-attack-case-studies-and-solutions
<How Nonprofit Cyber Attacks Really Happen>
https://blog.techimpact.org/how-nonprofit-cyber-attacks-really-happen
<Nonprofits and Cyberattacks: Key Stats That Boards Need to Know>
https://www.boardeffect.com/en-gb/blog/nonprofits-cyberattacks-key-stats/
<BASIC CYBERSECURITY HYGIENE MEASURES COULD HAVE PREVENTED RANSOMWARE ATTACK, SAYS EDINBURGH FRINGE FESTIVAL BOSS>
https://eventsbase.co.uk/basic-cybersecurity-hygiene-measures-could-have-prevented-ransomware-attack-says-edinburgh-fringe-festival-boss/
<Philabundance falls victim to cyberattack, loses almost $1 million>
https://www.phillyvoice.com/philabundance-cyberattack-theft-1-million-dollars/
<Non-Profit Out $923,000 After Business Email Compromise Scam>
https://www.happierit.com/knowledge-center/breaches/philabundance-bec-scam