The Paubox Zoom social mixer for May 2024 was a roundtable discussion between Paubox customers covering topics like ransomware, new cybersecurity threats, ExecProtect tips, and DMARC best practices.
What happened:
In keeping with our new format, we kept this social mixer open-ended rather than focused on a specific topic. Much of the conversation revolved around two topics - Paubox Texting and a pre-ransomware malware named Gootloader.
The mixer began with a harrowing tale of a nurse who downloaded a legal document that contained Gootloader. Darktrace explains, "The Gootloader malware is known to infect networks via search engine optimization (SEO) poisoning, directing users searching for legitimate documents to compromised websites hosting a malicious payload masquerading as the desired file."
What made the incident described so fascinating is that a DHS agent involved mentioned common vectors for malware like this are often legal documents and Indeed or LinkedIn resumes. Gootloader is pre-ransomware designed to prepare a computer system for a future ransomware attack. For example, the malware might install a backdoor, disable security measures, or harvest credentials.
The Paubox team demoed the latest Paubox Texting features, including the new user interface and replies. This spurred ideas around use cases and fantastic feature requests.
The final topic mentioned was the NSA's new DMARC recommendations to mitigate North Korean spearphishing attacks.
Go deeper: DMARC best practices according to the NSA
Our takeaways:
- Gootloader is often distributed via LinkedIn resumes or legal documents online.
- The way the virus is written, the existing antivirus would never have picked it up.
- The new user interface in Paubox Texting allows providers to text patients from their dashboard individually.
- People expect a fast answer with text messaging.
- Automated text reminders for appointments are a winning strategy. The success rate on a phone call is low for reminders.
- There's a need to send a text message to multiple people, for example, if a doctor needs to cancel appointments for the day.
- Using text messaging for rescheduling is a desired use case.
- Scammers are using fake job postings to scam people.
- Most Paubox customers who use ExecProtect prefer to monitor the quarantine for their company.
- The NSA's DMARC recommendation is, at a minimum, p=quarantine or p=reject.
- Most attendees prefer p=reject for ease of management.
- You can apply DMARC rules to a percentage of emails. This allows you to get a sense of the impact before applying it to 100% of emails.
The bottom line: Paubox customers use a broad range of tools and strategies to keep their email HIPAA compliant, protect their organizations, and find efficiencies.
See also: Our playbook for Zoom social mixers
See also: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
