Since the dawn of the internet, cybercriminals have performed countless attacks compromising the security of organizations across the world. As more and more business processes are shifted to online platforms and the adoption of connected devices rises, the menace of cyber attacks only becomes more apparent.
The motives behind cyber attacks can vary from pure financial gains to more sinister ones like cyber espionage. However, across all the variety of cyber attacks performed every year, one attack technique always stands out from the rest. We are of course talking about the ever-present threat of Phishing.
One threat to breach them all
Just to highlight how hard it has hit organizations across the world in recent years, let us look at some of the statistics on phishing attacks.
- In 2018, IBM published a large study on data breaches which found that the average cost of a data breach is $3.86 million. Shockingly, of all the data breaches studied, over 90% were carried out through phishing.
- Additionally, 15% of people who were successfully "phished" were targeted at least once more during the same year.
- According to Webroot, around 1.5 million new phishing sites are created each month.
- According to Verizon's 2018 Data Breach Investigations Report (DBIR), malware is delivered via phishing email in 92 percent of attacks.
- According to the FBI, Business Email Compromise (BEC) scams, one type of phishing attack, alone led to $1.2 billion in losses.
These numbers speak for themselves. Phishing is a tried and tested attack technique used for all kinds of malicious purposes: delivering malware, harvesting employee credentials, exfiltrating sensitive business documents, targeting high-profile executives, and more.
A tough nut to crack
Despite its long history, the security industry has not produced a foolproof defense that rids enterprises of phishing. Instead, phishing attacks keep growing in volume and sophistication.
What makes phishing so hard to prevent is that it targets human psychology rather than a technical flaw: a single human error is enough to grant the perpetrators further access to, or insight into, the target organization. Even the most tech-savvy users can fall prey to the sophisticated social engineering techniques used in spear-phishing attacks, and simply spreading awareness of phishing threats is not enough to curb their impact.
Automating your way out of the Phishing Threats
Traditionally, phishing defenses have relied on manually maintained blocklists of the malicious IPs and domains used by attackers. With security orchestration, automation and response (SOAR), organizations can instead model a phishing campaign as a sequence of stages and choose an automated action to block it at each stage of the attack.
Take the example of an invoice phishing scam, which targets an organization's finance department, HR department, or top-level executives. Less than a month ago, Google and Facebook were revealed to have been tricked by such a scam, in which the scammers collected a total of $123 million in payments from the two companies.
The threat actors typically craft an email with a plausible subject line and a malicious URL in the body, and send it to several employees of the organization. Such an attack can be interrupted at each of the following stages:
- When the phishing email reaches the organization's mail server, it can be rejected based on parameters such as the subject line, the sending IP, the message content, and more.
- If the email gets through the spam filter, it can be flagged so that the filter is trained on it.
- If the email reaches a target employee's inbox, IT staff can remove it.
- If an employee opens the email, they can be alerted that it is part of a phishing campaign.
- If the employee clicks the malicious link, the DNS lookup for its domain can be blocked by custom rules that filter out malicious entities based on Indicators of Compromise (IOCs) obtained from threat intelligence sources.
- If the employee lands on a web page offering a malicious file for download, the download can be blocked based on the file type.
- If the employee opens the file after downloading it, the file's signature (for example its hash) can be used to block the same file on all endpoints.
- If the file is only a dropper that fetches additional payloads, those requests can be blocked based on their pattern.
- If the additional payload is downloaded and installed, its signature can be used to block any future downloads of the same malware.
- If the malware connects to its command and control (C&C) server, the connection can be detected, monitored and blocked using network proxy logs.
- If the malware attempts to transfer files from the endpoint to its C&C server, the transfer can be blocked.
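As an added example that is not part of the original post and not Cyware's product code, the following Python script models the email-side stages of that list as a small triage playbook: it parses a constructed invoice-scam email, extracts the indicators a SOAR platform would enrich (connecting IP, sender domain, subject line, URLs, attachment type and hash), matches them against a constructed IOC feed, and reports the earliest stage at which the message would be blocked together with the action for that stage. Every IP, domain, hash and the email itself are constructed for the example; the stage and action names are assumptions, not a real platform's vocabulary.

```python
import base64
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed attachment payload (a 57-byte stub beginning with an "MZ" header); not real malware.
BAD_B64 = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

# Constructed threat-intel feed standing in for what a SOAR playbook pulls from its IOC sources.
IOCS = {
    "sender_ips": {"203.0.113.45"},
    "domains": {"invoice-payments-portal.example"},
    "subject_patterns": [r"\binvoice\b.*\b(overdue|urgent|past due)\b", r"\bpayment\b.*\bimmediately\b"],
    "blocked_attachment_types": {".exe", ".scr", ".js", ".vbs", ".docm"},
    # hash of a sample already blocked on one endpoint, so every other endpoint blocks it too
    "file_hashes": {hashlib.sha256(base64.b64decode(BAD_B64)).hexdigest()},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
BRACKETED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Stages in the order the email reaches them; the playbook acts at the earliest stage that fires.
STAGES = ("gateway", "url", "attachment")
ACTIONS = {
    "gateway": "reject at mail gateway",
    "url": "quarantine message; push domain to DNS/proxy blocklist",
    "attachment": "strip attachment; push hash to endpoint blocklist",
    None: "deliver",
}


def sender_ip(msg):
    # Only the topmost Received header was written by our own MX; lower ones are attacker-supplied.
    received = msg.get_all("Received") or []
    m = BRACKETED_IP_RE.search(str(received[0])) if received else None
    return m.group(1) if m else None


def sender_domain(msg):
    return parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower() or None


def extract_urls(msg):
    return [u for p in msg.walk() if p.get_content_type() in ("text/plain", "text/html")
            for u in URL_RE.findall(p.get_content())]


def extract_attachments(msg):
    # Yields (filename, lowercase extension, sha256 hex) for each attachment part.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[1].lower() if "." in name else ""
        yield name, ext, hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()


def triage(raw, iocs=IOCS):
    """Run the staged checks; return the earliest blocking stage, its action, and every indicator hit."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits, subject = [], str(msg.get("Subject", ""))
    ip, dom = sender_ip(msg), sender_domain(msg)
    if ip in iocs["sender_ips"]:
        hits.append(("gateway", "sender_ip", ip))
    if dom in iocs["domains"]:
        hits.append(("gateway", "sender_domain", dom))
    if any(re.search(p, subject, re.I) for p in iocs["subject_patterns"]):
        hits.append(("gateway", "subject", subject))
    for url in extract_urls(msg):
        if (urlparse(url).hostname or "").lower() in iocs["domains"]:
            hits.append(("url", "url_domain", url))
    for name, ext, digest in extract_attachments(msg):
        if ext in iocs["blocked_attachment_types"]:
            hits.append(("attachment", "file_type", name))
        if digest in iocs["file_hashes"]:
            hits.append(("attachment", "file_hash", digest))
    stage = next((s for s in STAGES if any(h[0] == s for h in hits)), None)
    return {"stage": stage, "action": ACTIONS[stage], "hits": hits}


# Constructed invoice-scam email of the kind described above (RFC 5322 text, LF line endings).
PHISH_EMAIL = (
    b"Received: from mail.invoice-payments-portal.example ([203.0.113.45])\n"
    b"\tby mx.corp.example with ESMTP id abc123; Wed, 1 May 2019 09:12:44 +0000\n"
    b'From: "Accounts Payable" <billing@invoice-payments-portal.example>\n'
    b"Subject: URGENT: Invoice #4471 overdue - payment required immediately\n"
    b'Content-Type: multipart/mixed; boundary="XYZ"\n\n'
    b'--XYZ\nContent-Type: text/plain; charset="us-ascii"\n\n'
    b"Please settle the attached invoice today:\nhttp://invoice-payments-portal.example/pay/4471\n\n"
    b'--XYZ\nContent-Type: application/octet-stream; name="Invoice_4471.pdf.exe"\n'
    b'Content-Disposition: attachment; filename="Invoice_4471.pdf.exe"\n'
    b"Content-Transfer-Encoding: base64\n\n" + BAD_B64.encode() + b"\n--XYZ--\n"
)
CLEAN_EMAIL = b"From: alice@corp.example\nSubject: Lunch on Friday?\n\nNoon at the usual place works.\n"

if __name__ == "__main__":
    for label, raw in (("phish", PHISH_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, triage(raw))
```

Two design points are worth noting. The connecting IP is taken only from the topmost `Received` header, because that is the one the organization's own mail server appended; everything below it was supplied by the sender and is trivially forged. And the checks are evaluated independently rather than short-circuiting at the first hit, so a message that slips past the gateway stage (for instance when the sending IP and domain are not yet in any feed) is still caught by the attachment type or hash check, and every matched indicator is recorded for enrichment of the feed.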
Beat threats without a sweat
By leveraging security orchestration and automation, security teams can effectively detect and defend against phishing threats with visibility and control over multiple stages of the attack. All the required defensive actions can be performed by creating custom Playbooks in Cyware's Cyware Fusion and Threat Response (CFTR) platform. Moreover, CFTR gives responders a unified picture of the threat environment for detecting and responding to a wide variety of attack scenarios. Whether it is an invoice phishing scam, a spear-phishing attack, a payroll scam, a BEC scam, or any other kind of phishing attack, CFTR's comprehensive feature set ensures a high level of readiness to deal with the campaign.
Posted on: May 01, 2019