Despite the dramatic cyber warfare headlines promising malware armageddon, reports collected by the ICO have revealed that it was phishing, not malware, that was responsible for the majority of cyber security breaches in 2019.
How did phishing become the cybercriminals' weapon of choice?
As malware detection becomes more common, attackers are switching tactics. Accessing a network using stolen email credentials gives attackers more time to explore their victims’ networks undetected and discover valuable data to exploit.
This is where phishing comes in. Despite advances in video conferencing and IM platforms, email is still the number one communication method in business and organisations are struggling to balance threat reduction while enabling email to support business as usual.
By transitioning phishing scams from mass-scale generic campaigns to a more personalised, targeted approach, attackers are now seeing a much higher success rate from phishing.
What does a phishing attack look like in 2020?
Personalised phishing campaigns manifest in a number of different ways. In ‘conversation-hacking’, the attacker infiltrates existing email threads using compromised credentials by replying to a message posing as a trusted colleague. For these attacks, the bad actor does not use the compromised account to send the phishing email, as the legitimate account user could spot the suspicious messages in their sent emails and raise the alarm.
Instead, conversation-hackers rely on typosquatting techniques where the attacker uses a similar domain to send emails but uses the real name of a colleague in the email thread to trick users. This style of attack has a high success rate with victims being fooled into installing ransomware, paying fraudulent invoices or sharing sensitive data with the attackers.
Phishing campaigns are now also heavily focused on getting an emotional response from their victims. It’s common to see fake emails from the Head of HR telling recipients their roles are at risk of redundancy, or pretending to be from the finance team claiming there has been an error in paying their salary – scenarios that can trigger many users to click a link in a panicked attempt to fix the situation ASAP.
Accounting for this type of emotional manipulation is crucial, and cyber awareness training goes a long way to helping reduce the likelihood of successful attacks. Training sessions will typically prompt users to check the sender's email address, verify identities by phone, or start a new email conversation to a known address if they’ve received a suspicious email from a contact.
What can you do to protect your company from phishing?
Although cyber awareness training is part of the solution, common sense can be easy to forget in a busy day when hundreds of emails are being sent. And when attackers use sophisticated social engineering based on our worst fears, it’s easy to see why some users are tricked into clicking. So, can we reduce the volume of phishing emails targeting users?
For many organisations, automating threat intelligence processes has helped to rapidly identify vulnerabilities that attackers may look to exploit in phishing campaigns. Most businesses have a vast number of potential domain permutations that could be used in typosquatting attacks and manually monitoring these domains for signs of suspicious activity is generally not realistic.
Luckily, threat intelligence tools are now making it easier to avoid these attacks. Businesses should look for solutions that flag suspicious domain permutations so they can proactively blacklist high-risk IP addresses and stop phishing emails reaching their targets. It’s also worth investing in tools that highlight implementation errors in your SPF (Sender Policy Framework) record. The SPF record tells receiving mail servers which hosts are permitted to send email for your domain, so recipients can verify that messages claiming to come from you aren’t being spoofed.
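As an added example that is not part of the original article, the following Python sketch shows the core of the detection logic such a tool performs: it generates common typosquat permutations of a protected domain and flags an inbound message whose From: domain matches one. The domain names and the sample message are constructed for the example, and the homoglyph table is an illustrative subset rather than an exhaustive list.

```python
"""Flag inbound sender domains that are typosquats of a protected domain.

Added example (not from the original article). Generates common permutations
of a domain and checks a message's From: domain against them.
"""
from email import message_from_string
from email.utils import parseaddr

# Homoglyph substitutions commonly seen in lookalike domains (illustrative subset).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "l", "m": "rn", "w": "vv", "e": "3", "a": "4"}


def permutations(domain: str) -> set[str]:
    """Typosquat candidates for 'label.tld': character omission, repetition,
    transposition, hyphenation, homoglyph substitution and alternate TLDs."""
    label, _, tld = domain.rpartition(".")
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                  # omission: exmple
        out.add(label[:i] + label[i] + label[i:])           # repetition: exxample
        if i < len(label) - 1:                              # transposition: eaxmple
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        if i > 0:
            out.add(label[:i] + "-" + label[i:])            # hyphenation: ex-ample
        sub = HOMOGLYPHS.get(label[i])
        if sub:
            out.add(label[:i] + sub + label[i + 1:])        # homoglyph: exarnple
    out.discard(label)
    cands = {f"{c}.{tld}" for c in out if c}
    cands |= {f"{label}.{t}" for t in ("com", "co", "net", "org", "co.uk") if t != tld}
    return cands


def sender_domain(raw_message: str) -> str:
    """Extract the domain part of the From: header of an RFC 5322 message."""
    _, addr = parseaddr(message_from_string(raw_message)["From"])
    return addr.rpartition("@")[2].lower()


def is_lookalike(candidate: str, protected: str) -> bool:
    """True if candidate is a permutation of protected (and not protected itself)."""
    return candidate != protected and candidate in permutations(protected)


# Constructed sample: a conversation-hacking reply sent from a lookalike domain
# ("rn" standing in for "m"), using a real colleague's display name.
SAMPLE = (
    "From: Jane Smith <jane.smith@exarnple.com>\n"
    "To: bob@example.com\n"
    "Subject: RE: Invoice 4471\n\n"
    "Hi Bob, please use the updated bank details attached.\n"
)

if __name__ == "__main__":
    d = sender_domain(SAMPLE)
    print(d, "lookalike of example.com:", is_lookalike(d, "example.com"))
```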
Ultimately, when it comes to giving your organisation maximum protection against phishing attempts, automation is the key. The trick is to find a solution that rapidly highlights your key vulnerabilities so you can remediate issues before phishing attacks can exploit them.