5. User Education
Technology alone is not going to solve the longstanding problem of social engineering techniques coupled with malicious file attachments. Security firms need to build up a security-aware culture to help recognize phishing emails, said Tom Snyder, president and co-founder of Oakland, Calif.-based Xantrion IT Consulting, which in addition to offering Symantec's cloud-based endpoint protection software, sells email filtering technology via Microsoft Office 365.
Email attachments associated with the Cryptolocker threat are accompanied with Fake Amazon invoice email messages, phony DHL express delivery slips and other common phishing emails that are known to circulate with other malware campaigns, said Malwarebytes' Segura. The attackers have not regionalized or targeted the campaign at any specific group of individuals, keeping the campaign broad in scope, which potentially makes it easier to identify, Segura said.