Phishing Attacks: Five Things To Watch Out For

By David Higgins. December 2, 2022. Updated: December 24, 2022. 4 Mins Read

We’ve all become better at spotting phishing attacks, especially when they hit our inboxes. In fact, only 2.9% of employees click on phishing emails now. Yet, news of successful cyber attacks is still making headlines – highlighting how sophisticated some multi-pronged phishing schemes have become.

Five commonalities major phishing attacks share

Phishing can be approached from a variety of directions, employing an ever-growing range of attack tactics, techniques, and procedures (TTPs), similar to a choose-your-own-adventure book. Layered protections are essential, since what deters a phishing attempt one day might not deter it the next.

Cyber defenders will be at an advantage by knowing when and where to concentrate their efforts. In this piece, we’re going to investigate five trends seen in recent well-known phishing attacks, while relaying advice from our CyberArk Labs and Red Team on how to reduce cyber risk.

1. Using social engineering to locate people employed by particular tech companies

According to a recent study of security leaders, security awareness training is the second-best defence-in-depth method for preventing ransomware, which is often delivered through phishing techniques.

To prevent employees from falling foul of targeted attacks, security-conscious behaviour must be integrated into business culture. To do this, and to keep staff members abreast of evolving social engineering and phishing attack strategies, hold regular training and education sessions. Think about adding phishing exercises to this training. Additionally, check that your spam filters are functioning properly to stop shady emails, mass mailings, and unsolicited marketing materials from reaching employee inboxes.

2. Identity compromise through network entry using stolen first-factor credentials, for instance by focusing on cached passwords kept in users’ browsers or through man-in-the-middle (MitM) attacks that intercept passwords

Awareness programmes cannot always prevent users from being phished, especially as the attacks become more sophisticated. When deploying endpoint security controls, consider prioritising users who have a history of clicking on phishing attempts. Endpoint privilege management, which can protect client-side credentials and help prevent the theft of cookies that could enable multi-factor authentication (MFA) bypass, is an important layer in the overall defence strategy.

3. MFA fatigue attacks, which spoof reliable sources via voice and SMS phishing, repeatedly ask users to accept MFA notifications in order to “fatigue” them, then utilise their responses to access the corporate VPN and other target systems

Attackers continue to develop new techniques to target MFA and undermine security measures. These attempts can be thwarted by choosing phishing-resistant MFA factors, such as FIDO, QR codes, or physical tokens.

Changing your organisation’s MFA setup or configuration to require a one-time password (OTP) rather than a push message is one way to lessen MFA fatigue. Users frequently grow careless and unintentionally open doors for attackers when confronted with repeated authentication notifications and touchpoints. OTP can reduce the danger brought on by MFA fatigue even if it demands greater user participation.

MFA fatigue occurs when the attacker already has access to the user’s credentials and must get the user to accept the MFA notification in order to obtain access. If a company is able to prevent MFA fatigue, the attacker will be compelled to select another attack vector. An OTP configuration can greatly lower risk and reduce the user’s susceptibility to this kind of attack.
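
Where push notifications stay in use, the repeated prompts described above are visible in authentication logs. The following is an added example, not code from the article or from CyberArk: a sliding-window check over constructed MFA push events that flags a burst of denied or ignored prompts and, more urgently, an approval that arrives during such a burst. The event fields, result values, window and threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, result of the push prompt).
# Field names and result values are assumptions, not any vendor's log schema.
SAMPLE_EVENTS = [
    ("2022-12-02T02:10:05", "alice", "denied"),
    ("2022-12-02T02:10:40", "alice", "timeout"),
    ("2022-12-02T02:11:15", "alice", "denied"),
    ("2022-12-02T02:12:02", "alice", "denied"),
    ("2022-12-02T02:12:50", "alice", "approved"),
    ("2022-12-02T09:00:00", "bob", "approved"),
    ("2022-12-02T13:30:00", "bob", "denied"),
    ("2022-12-02T17:45:00", "bob", "approved"),
]

def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Flag users whose denied or ignored push prompts pile up inside a window.

    Returns a list of (user, timestamp, severity) tuples:
      "burst"                - the threshold of denied/timeout prompts was reached
      "approved_after_burst" - an approval arrived while a burst was in progress
    """
    recent = defaultdict(deque)   # user -> timestamps of denied/timeout prompts
    alerts = []
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts older than the window
            q.popleft()
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) == threshold:       # alert once, when the burst forms
                alerts.append((user, ts_text, "burst"))
        elif result == "approved":
            if len(q) >= threshold:       # the user gave in mid-burst
                alerts.append((user, ts_text, "approved_after_burst"))
            q.clear()                     # a completed login resets the count
    return alerts
```

An "approved_after_burst" alert is the case to act on first: the session it granted should be revoked and the user's password reset, since the attacker already holds the first factor.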

4. Moving laterally to create persistence, hide footprints, and compromise more servers and systems. Increasing privileges to gain access to important systems, such as domain controllers

Implement least privilege across all infrastructure, applications, and data to reduce cyber risk. Although it seems like a simple idea, implementing it on a large scale can be difficult. When it comes to protecting your most important assets, intelligent privilege controls can seamlessly safeguard access for all identities and flexibly automate the identity lifecycle using behavioural analytics and ongoing threat monitoring and prevention.

5. Data exfiltration

In one of the most recent phishing attacks, it was claimed that threat actors tried to re-enter the network after stealing data. They did this by focusing on workers who might have changed only one character in their passwords following a required credential reset. Although the attackers were fortunately unsuccessful, it is always important to use strong passwords. Better yet, let users automatically create secure passwords to entirely relieve them of the chore.
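
A reset flow can refuse the one-character change described above. The following is an added example, not code from the article or from CyberArk: it compares the old and proposed passwords by edit distance and, on rejection, offers a randomly generated password instead. It assumes the change form collects the current password in plaintext alongside the new one (a stored hash cannot be compared this way); the minimum distance, the generated length and the sample passwords are assumed values.

```python
import secrets
import string

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def is_trivial_change(old: str, new: str, min_distance: int = 4) -> bool:
    """True when the new password is too close to the old one.

    Comparison is case-insensitive, so changing only the case of a letter
    also counts as trivial. min_distance is an assumed policy value.
    """
    return edit_distance(old.casefold(), new.casefold()) < min_distance

def generate_password(length: int = 20) -> str:
    """Random password drawn from the operating system's CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def reset_password(old: str, proposed: str):
    """Return (accepted, password): the proposal, or a generated replacement."""
    if is_trivial_change(old, proposed):
        return False, generate_password()
    return True, proposed

# Constructed sample values: a one-character change after a forced reset.
OLD_SAMPLE, NEW_SAMPLE = "Winter2022!", "Winter2023!"
```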

Phishing has advanced to new levels of creativity, and recent incidents demonstrate the lengths attackers will go to in order to deceive their trusting or MFA-weary victims. Since rogue clicks are unavoidable, effective anti-phishing defence should include both technological and human security components, and prioritise spotting threats immediately, before they grow to become more dangerous.

David Higgins

EMEA Technical Director

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
