Commentary On TA505 Phishing Campaign

Experts Comments

October 28, 2021
Adrien Gendre
Chief Product Officer and Co-Founder
Vade

Despite having enterprise cybersecurity budgets, financial services organizations are, like all organizations, vulnerable to phishing attacks because no solution blocks 100% of phishing emails. The moment an email is blocked, a hacker is making adjustments to increase their chances of success on the next try.

Sophisticated groups like EvilCorp know their targets, and they know what is protecting them: the security infrastructure that is in place, including email security. Many email security

.....Read More

Despite having enterprise cybersecurity budgets, financial services organizations are, like all organizations, vulnerable to phishing attacks because no solution blocks 100% of phishing emails. The moment an email is blocked, a hacker is making adjustments to increase their chances of success on the next try.

Sophisticated groups like EvilCorp know their targets, and they know what is protecting them: the security infrastructure that is in place, including email security. Many email security solutions are even visible in a simple MX query. This gives the hacker an advantage. When they know what they are up against, they can find a way to reverse engineer the solution and breakthrough.

When an email does slip through, even a trained user can mistake a highly sophisticated phishing email for a legitimate email. The OneDrive and SharePoint links in the MirrorBlast campaign add an air of legitimacy to the emails, and the use of a redirect from a legitimate service confuses the email filter.

It ultimately comes down to two things: invisibility and user training. Your security stack should not be visible to cybercriminals--they will learn how to exploit them, and your users must be trained on the latest threats--not once or twice a year but continually and particularly after they have made the mistake of engaging with a malicious email.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.