Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com'

Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day.
Owing to the prevalence of the problem, Verizon's 2023 Data Breach Investigations Report estimates that more than a third of all data breaches involve phishing.
Of course, it's not just the sheer volume of attacks that is worrying.
Concerns are more likely to focus on the heightening complexity of techniques that attackers are using.
Phishing attacks are becoming alarmingly sophisticated.
As a result, it is becoming harder and harder to discern attacks from genuine digital interactions, as has been demonstrated in another recent phishing campaign uncovered by the Menlo Labs team.
In July 2023, Menlo Security's HEAT Shield detected and blocked a novel phishing attack that attempted to redirect unsuspecting users of the popular job listing site 'Indeed.com' to a phishing page impersonating Microsoft.
The attack chain began with victims receiving a phishing email containing a link that had been deceptively crafted to make the victim believe it had come from Indeed.com.
In this sense, threat actors were exploiting the highly trusted nature of 'Indeed.com' while redirecting targeted victims to a phishing site.
Critically, the spoofed page was deployed using a sophisticated phishing kit known as EvilProxy, which can dynamically fetch content from the legitimate login site.
The phishing site then acts as a reverse proxy, proxying the request to the actual website and enabling the attacker to intercept the legitimate server's requests and responses.
With EvilProxy, the attacker is also able to steal session cookies, which can then be used to log in to the legitimate Microsoft Online site, impersonating the victims and bypassing multi-factor authentication policies that are not phishing-resistant.
This attack chain is a prime example of an Adversary In The Middle phishing attack, harvesting session cookies to enable threat actors to bypass MFA protections.
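The first stage of this chain, a link on a trusted domain that forwards the browser to an unrelated site, can be looked for in URLs extracted from mail or proxy logs. The following is an added example, not Menlo's detection logic or code from the article; the host names, parameter names and sample links are constructed, and `TRUSTED_HOSTS` is an assumed allow-list.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hosts whose links recipients and filters tend to trust.
TRUSTED_HOSTS = {"jobs.example"}

def _host(value):
    """Hostname of an absolute http(s) or scheme-relative URL, else None."""
    value = value.strip()
    if value.startswith("//"):
        value = "https:" + value
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _within(host, base):
    """True when host is base itself or a subdomain of it."""
    return host == base or host.endswith("." + base)

def find_offsite_redirects(url, trusted=TRUSTED_HOSTS, max_decode=3):
    """Return [(param, target_host)] for query parameters of a trusted-host
    URL whose value is itself a URL on a different site."""
    outer = _host(url)
    base = next((t for t in trusted if outer and _within(outer, t)), None)
    if base is None:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        target = _host(value)
        # Targets may be percent-encoded more than once; decode a bounded number of times.
        for _ in range(max_decode):
            if target or "%" not in value:
                break
            value = unquote(value)
            target = _host(value)
        if target and not _within(target, base):
            findings.append((name, target))
    return findings

# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://jobs.example/r?target=https%3A%2F%2Flogin-portal.example.net%2Fauth",
    "https://jobs.example/r?target=https%253A%252F%252Flogin-portal.example.net",
    "https://www.jobs.example/view?job=123&next=%2Fapply",
]
```

A hit means only that the trusted site is being asked to forward somewhere else; whether the destination is malicious still has to be judged by inspecting the landing page.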
Of course, awareness and training are the first port of call when combating phishing attacks - something that many organisations already know about and implement.
According to one study, 84% of respondents conduct regular training to help staff understand phishing and reduce victimisation rates.
With threat actors becoming increasingly smart with their campaigns, it is important that firms go a step further, embracing a variety of policies, tools and technologies to develop multi-layered security strategies capable of bolstering defences against modern threats.
Not only can it cut off the attack vector from the initial access stage, but also it can redefine the way in which security is implemented, enforcing a proactive approach to deal with such highly evasive threats.
In the case of the Indeed.com attack, the technology successfully detected the phishing site using AI-based detection models to analyse the rendered web page before any URL reputation service or other security vendor had flagged the page as malicious.
During this process, it also generates zero-hour phishing detection alerts, providing greater visibility and context of threats to security and SOC analysts.
The Indeed.com campaign is just one reminder among many of the importance of constantly evolving and enhancing security strategies to stay one step ahead of increasingly sophisticated threat techniques.


This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Mon, 11 Mar 2024 17:13:07 +0000

