5 common factors in recent major phishing attacks and tips for mitigating cyber risk
Written by CyberArk, a key partner of DXC in the security space, this article was originally published on CyberArk.com and is reprinted with permission.
No matter where you work, from global telecommunications companies to small local retailers, phishing attacks are prevalent. Fortunately, employees are becoming more knowledgeable about how to spot phishing scams, especially email-related scams. According to Verizon’s latest data breach investigation report, employees are only 2.9% more likely to click on a phishing email. But attacks against some of the biggest tech companies show just how sophisticated multi-pronged phishing techniques are.
5 common factors in recent major phishing attacks
Like an adventure novel in which the reader chooses what happens next, a phishing scam can be approached from multiple angles, with a growing list of attack tactics, techniques and procedures. Defense in depth is essential because techniques that stopped phishing in the past may not stop the next spoofing attempt. Understanding when and where to focus gives cyber defenders the edge. To that end, here are five factors we saw in major high-profile phishing attacks, along with cyber risk mitigation tips from CyberArk Labs and the Red Team.
1. Social engineering to identify individuals working for specific tech organizations
Cyber Risk Mitigation Tips: A recent survey of security leaders rated security awareness training as the second most effective defense-in-depth strategy for fighting ransomware. Instill security-conscious behavior into your organizational culture with regular training sessions, and keep employees informed about evolving social engineering and phishing attack techniques. Also consider adding ethical phishing exercises to your training, and ensure that spam filters are working properly to keep suspicious emails, mass campaign emails and unsolicited marketing materials out of your employees’ inboxes.
2. Identity compromise and network intrusion through first-factor credential theft, for example man-in-the-middle (MITM) attacks that sniff passwords or attacks that target cached passwords stored in the user’s browser
Cyber Risk Mitigation Tips: Security awareness campaigns don’t always prevent phishing attacks. Shay Nahari, vice president of Red Team Services at CyberArk, said: “Endpoint privilege management is one of the key strategies in the basic framework of our defense strategy. We can prevent theft.” When deploying endpoint security controls, consider prioritizing users with a history of clicking on phishing attacks.
3. Multi-factor authentication fatigue attacks that use SMS and voice phishing to impersonate a trusted source and request multi-factor authentication approval from the user, “fatigue” the user with a flood of push notifications and, once the user accepts, gain access to corporate VPNs and other target systems
Cyber Risk Mitigation Tips: Attackers continue to find new ways to target multi-factor authentication and bypass security controls. By choosing phishing-resistant multi-factor authentication factors such as FIDO, QR codes, and physical tokens, you can thwart such attempts.
“One way to mitigate multi-factor authentication fatigue attacks is to change multi-factor authentication settings or configurations to one-time password (OTP) entry instead of push notifications,” Nahari says. “Repeated authentication messages and touchpoint displays can easily distract users and inadvertently create avenues of entry for attackers. It reduces the risk of multi-factor authentication fatigue attacks.”
He continues: “My team investigates different types of findings, including IOCs (Indicators of Compromise), as part of our attacker simulation exercises. IOCs are the basic information in a given attack. In a multi-factor authentication fatigue attack, the attacker already has the credentials and must ask the user to approve the multi-factor authentication notification to gain access. If a multi-factor authentication fatigue attack is successfully thwarted, the attacker is forced to choose another attack vector, and the OTP configuration makes your users less susceptible to this type of attack, greatly reducing the risk.”
A more user-friendly technique is to require a “number match” for successful multi-factor authentication. Number matching displays a number to users who respond to multi-factor authentication push notifications using an authenticator app. The user must enter that number into the app to complete the authorization. During a phishing attack, the end user does not know the correct sequence of numbers, so the authentication request is disapproved.
To guard against all kinds of multi-factor authentication attacks, it is important to require multi-factor authentication every time a personal profile changes, so that malicious activity is caught, and to proactively review risky events. In addition, the SOC can leverage user behavior analytics to set contextual triggers that notify it when anomalous behavior is detected, and block user authentication requests from suspicious IP addresses.
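One contextual trigger of the kind described above, as an added example that is not from the original article or from CyberArk: it flags a burst of unapproved push prompts for one user and, with higher priority, an approval that follows such a burst. The log format, event names, window and threshold are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, source IP, push result.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z alice 198.51.100.7 push_denied
2024-05-01T09:00:40Z alice 198.51.100.7 push_timeout
2024-05-01T09:01:10Z bob 192.0.2.15 push_denied
2024-05-01T09:01:15Z alice 198.51.100.7 push_denied
2024-05-01T09:01:50Z bob 192.0.2.15 push_approved
2024-05-01T09:02:20Z alice 198.51.100.7 push_timeout
2024-05-01T09:03:00Z alice 198.51.100.7 push_denied
2024-05-01T09:03:45Z alice 198.51.100.7 push_approved
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed unapproved prompts per window

def parse(line):
    ts, user, ip, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result

def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, alert, ip, time) tuples for bursts of unapproved pushes."""
    recent = defaultdict(deque)  # user -> times of denied or timed-out prompts
    alerts = []
    for line in log_text.strip().splitlines():
        ts, user, ip, result = parse(line)
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert once when the burst forms
                alerts.append((user, "fatigue_burst", ip, ts.isoformat()))
        elif result == "push_approved":
            # An approval right after a burst is the case to triage first:
            # the user may have given in to the flood of prompts.
            if len(q) >= threshold:
                alerts.append((user, "approved_after_burst", ip, ts.isoformat()))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_LOG):
        print(alert)
```

The source IP carried in each alert is what a block rule for suspicious addresses would key on.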
4. Lateral movement to maintain connectivity, conceal tracks, and compromise other systems and servers. Infiltration of critical systems such as domain controllers through privilege escalation
Cyber Risk Mitigation Tip: Apply least privilege to all infrastructure, applications and data. This seems like a simple concept, but it can be difficult to implement, especially in large environments. That’s where intelligent permission management comes in. Intelligent permission management seamlessly secures access for all identities, provides continuous threat detection and prevention, and flexibly automates the identity lifecycle with behavioral analytics to protect your most important assets.
5. Data Leakage
Cyber Risk Mitigation Tip: In one recent phishing attack, the attacker reportedly stole data and attempted to re-enter the network after being detected and cleaned out. This time, the attackers were targeting employees who may have changed just one character in their password when resetting their credentials. Fortunately, the attack was not successful, but it shows that strong passwords remain worth insisting on. Even better, provide a way to auto-generate unique and strong passwords, removing the burden from users entirely.
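A reset-time check for the one-character-change pattern described above, together with a generator for unique passwords, as an added example that is not from the original article or from CyberArk. The function names and the minimum edit distance are assumptions; the comparison relies on the old password being supplied by the user in the change flow, not on any stored plaintext.

```python
import secrets
import string

MIN_EDIT_DISTANCE = 3  # assumed policy: reject resets within 2 edits of the old password

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]

def reset_allowed(old, new, min_distance=MIN_EDIT_DISTANCE):
    """Reject a new password that is a near-copy of the old one.

    Both values are only available in memory during the change flow, where the
    user types the current password. Case is folded so that changing only the
    capitalisation also counts as a near-copy.
    """
    return edit_distance(old.casefold(), new.casefold()) >= min_distance

def generate_password(length=20):
    """Generate a random password with the OS CSPRNG so users need not invent one."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    old = "Harbor!2023"  # constructed sample value
    for candidate in ("Harbor!2024", "harbor!2023", generate_password()):
        print(candidate, reset_allowed(old, candidate))
```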
Phishing has evolved to unprecedented levels, and recent events show that attackers will go to great lengths to trick unsuspecting (or tired of multi-factor authentication) victims. Effective anti-phishing protection requires consideration of both the technical and human elements of security and an assumption that fraudulent clicks are inevitable, and it should focus on preempting phishing threats and detecting them as quickly as possible.