Cyber threat actors still rely on psychological manipulation, in the form of convincing phishing emails, just as much as they rely on technical hacks to break into networks.
This article examines some of the lessons learned from recent phishing attacks and provides actionable suggestions to reduce the risk of phishing impacting your business.
High-profile recent phishing attacks
The most common method by which actors gain initial access to networks and systems is phishing. According to the most recent version of IBM’s Threat Intelligence report, phishing was the primary infection vector in 41% of the cyber incidents analyzed.
What can be learned from a few well-known recent phishing attacks, as well as some.
Malicious Microsoft Teams Chats
AT&T security researchers discovered a new phishing campaign that pushed DarkGate malware payloads via malicious Microsoft Teams chats. More than 1,000 phishing chat invites were sent by attackers who appeared to be team members.
Once recipients accepted and downloaded a disguised file, the malware would connect to a command-and-control server.
Lessons from this incident include:
- Threat actors now phish beyond email, through direct messages and group chats within team collaboration platforms, making phishing attacks even more prevalent. Reliance on these tools increased as remote work became more popular during the COVID-19 pandemic.
- If your business doesn’t need to allow external Microsoft Teams users to communicate with your employees, it’s important to disable external access in Microsoft Teams.
Open Redirect Phishing Through Indeed
In an intriguing phishing campaign from 2023, hacking group EvilProxy used open redirects on the Indeed employment site to target Microsoft 365 accounts. Open redirects are flaws in a website’s code that make it possible to redirect users to arbitrary locations simply by manipulating the URL. Executives and high-ranking employees received emails with seemingly genuine indeed.com links that led to copycat login pages for Microsoft 365 accounts, where their login attempts were compromised.
Lessons from this campaign:
- Even major platforms like Indeed can have security flaws that make attackers’ work easier.
- Senior employees can be lucrative targets for phishing schemes because access to their accounts frequently makes it simple to reach sensitive information or communications.
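The open-redirect pattern described above can be checked for on the defensive side. The following is an added example, not part of the original article: it flags links whose query string carries an absolute URL pointing at a different host than the link itself. The function names and the sample links (reserved example domains) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def host_of(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    url = url.strip()
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme.lower() not in ("http", "https") or not host:
        return None
    return host.lower().rstrip(".")

def related(a, b):
    """True if the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def external_redirect_hosts(link, max_decodes=3):
    """List foreign hosts carried in the query string of `link`."""
    # parse_qsl decodes once; keep decoding to catch double-encoded targets.
    origin = host_of(link)
    if origin is None:
        return []
    found = []
    for _name, value in parse_qsl(urlsplit(link.strip()).query):
        for _ in range(max_decodes):
            target = host_of(value)
            if target:
                if not related(target, origin) and target not in found:
                    found.append(target)
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return found

# Constructed sample links (reserved example domains, not from the article).
SAMPLES = [
    "https://jobs.example.com/rc?target=https%3A%2F%2Flogin.example.net%2Fo365",
    "https://jobs.example.com/rc?u=https%253A%252F%252Flogin.example.net%252F",
    "https://jobs.example.com/rc?next=https%3A%2F%2Fwww.jobs.example.com%2Fapply",
    "https://jobs.example.com/search?q=security+engineer&next=/apply",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(external_redirect_hosts(s) or "clean", s)
```

A hit means the trusted-looking host is being asked to forward the user elsewhere; a mail filter can treat the embedded host, not the visible one, as the link's real destination.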
Attendees of the NATO Summit
In the middle of 2023, a phishing campaign targeted NATO summit attendees who supported Ukraine in its ongoing war against Russia. The hacking group RomCom created a replica of the Ukrainian World Congress website using a .info domain (the authentic site uses .org). The fake website hosted malicious documents that, once downloaded, infected the victims’ systems.
Lessons from this are:
- Threat actors still frequently create replicas of legitimate websites with only minor spelling changes to lure potential victims. Carefully analyzing URLs is a worthwhile part of general phishing awareness.
- Phishing attacks are not motivated only by profit; they are increasingly used in espionage and geopolitical cybercrime to gather sensitive information and disrupt operations in targeted countries or organizations.
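The URL analysis recommended above can be partly automated. The following is an added example, not part of the original article: it compares a hostname from a link against a list of domains the organization trusts and flags the same name under a different TLD (the .info versus .org case above) or a near-miss spelling. The domain names are constructed placeholders, and treating the last label as the TLD is a simplifying assumption.

```python
def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_and_tld(host):
    """'www.example.org' -> ('example', 'org').

    Simplification (assumption): the last label is the TLD; multi-label
    suffixes such as co.uk would need a public-suffix list.
    """
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else None

def classify(host, legit_domains, max_typos=2):
    """Return (verdict, legit_domain) for a hostname seen in a link."""
    parsed = name_and_tld(host)
    if parsed is None:
        return ("unknown", None)
    name, tld = parsed
    verdict = ("unknown", None)
    for legit in legit_domains:
        lname, ltld = name_and_tld(legit)
        if name == lname and tld == ltld:
            return ("legitimate", legit)
        if name == lname:
            verdict = ("tld-swap", legit)  # same name, different TLD
        elif (verdict[0] == "unknown" and len(lname) > 2 * max_typos
              and edit_distance(name, lname) <= max_typos):
            verdict = ("typo", legit)  # near-miss spelling
    return verdict

# Constructed allowlist and sample hosts (placeholders, not real IoCs).
LEGIT = ["example-congress.org", "example-corp.com"]
SAMPLES = ["www.example-congress.info", "examp1e-corp.com",
           "mail.example-corp.com", "unrelated.net"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, classify(h, LEGIT))
```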
What Can Businesses Do to Reduce the Risk of Phishing?
Here are some ways to reduce phishing risks in the face of persistent phishing attacks that can lead to large-scale data breaches.
Employee Awareness and Training
Educated and knowledgeable employees are the first line of defense against phishing and other forms of social engineering. Effective training teaches staff to recognize and prevent phishing attempts, imparting both the necessary theoretical knowledge and practical skills.
Theoretical training teaches your employees the different phishing strategies employed by hackers, including whaling and spear phishing. In addition to addressing phishing attacks, this training should cover company policies and procedures for handling suspicious emails.
Employees can then identify tell-tale signs of phishing, such as obscene email addresses, grammar mistakes, and profanity. It is beneficial to reinforce employee knowledge and awareness by conducting regular, unannounced phishing simulation exercises that assess their readiness.
Advanced email filtering
While it is worthwhile to train users, it is too risky to rely on training alone to stop all phishing attacks; people will still make mistakes. Advanced email filtering is a technical control that lessens your reliance on user vigilance and lowers the likelihood of successful phishing attacks.
Elements that modern email filtering solutions use include:
- Natural language processing (NLP) techniques that let email filters understand the context and purpose of the text in emails.
- Machine learning algorithms that identify emails that deviate from your organization’s typical communication patterns.
- URL analysis and reputation-score systems that check the validity of links and block emails containing links to well-known phishing or malware sites. Some software checks the URLs in emails for suspicious destinations, such as phishing forms that seek to collect credentials or personal information.
- Attachment scanning that helps to identify malware, ransomware, or other malicious payloads before one of your unsuspecting users opens files attached to emails or downloaded from links. A security automation platform can be used to automatically identify and respond to suspicious attachments.
Multi-Factor Authentication (MFA)
Multi-factor authentication requires users to provide two or more verification factors to gain access to an account, system, or application. Even if a phishing attack succeeds in tricking a user into giving up their password, the additional authentication factors place a further barrier in front of unauthorized access.
Having a user’s password compromised by phishing is far less serious than having sensitive company or customer data accessed or stolen.
You can automatically verify whether employees are enabling MFA across devices using a security automation copilot like Blink. For instance, an automated Okta workflow tracks any MFA gaps.
How Security Automation Can Be Used
Automating security workflows reduces phishing risks by streamlining incident response. Effective automated email security workflows can detect suspected phishing incidents and respond immediately (for example, by alerting internal teams or Slack channels).
This kind of rapid response ensures prompt action without manual intervention, reducing the risk of damage from phishing.
Anyone can use Blink to create a security workflow automatically by answering a prompt.
Blink makes it simple to automate, whether it’s securing MFA gaps or responding to phishing attacks from Gmail. Schedule a demo today to see how it works.
Sponsored and written by Blink.