Get your own downloadable copy of The Ultimate Phishing Guide eBook here, or read below.
Phishing: The No. 1 attack vector.
96% of attacks are executed via email.
Is your organisation prepared?
In an era where digital footprints start growing earlier in an individual’s life, the internet is a source of unlimited information – a hacker’s dream. Children are born into a world where technology has become second nature. They learn to read, to write and to use a mobile phone. They know how to use systems and software often through simple trial and error, including the email inbox. But are they taught how to catch out a phish? Is anyone?
Phishing is currently on high alert as individuals move in and out of their inbox daily. By the end of 2022, it’s projected to see a 600% increase [1]. It’s no surprise that the pandemic has influenced this number greatly; with the shift to remote working, the number of phishing targets has increased as multiple networks are crossed, emails and messages have replaced in-person conversations, and we have been sucked into a virtual world where it’s easy to click the wrong link at the wrong time.
In Microsoft’s New Future of Work Report, 80% of security professionals said they had encountered increased security threats since the shift to remote working [2]. Organisations must be increasingly vigilant; the statistics aren’t slowing anytime soon.
This guide will be a virtual journey into understanding phishing on a deeper level, how it may appear within your organisation, and what you can do to fight it.
You are not alone in identifying that phish.
Talion will help you catch it.
[1] Cofense Anti-Phishing Solutions
[2] Microsoft Future of Work Report
Phishing is a social engineering tactic where emails are sent to a number of recipients with the intention of either manipulating them into revealing personal information or getting them to download malicious software, for example ransomware, onto their infrastructure.
Usually, the cyber-criminal has 4 goals in mind:
Behind the Scenes of Phishing…
Phishing is so prevalent for the following reasons:
1) Personal Information is Easily Obtainable
Due to an increased digital footprint in today’s era of social media, hackers can more easily obtain email addresses and filter them into a list of targets.
2) It Costs Almost Nothing
Phishing pages are inexpensive to host with very low upkeep cost. It’s, therefore, no surprise that hackers take this approach; they can easily change the infrastructure of malicious webpages in alignment with their current goals, whether that is taking advantage of a global crisis or targeting a specific vulnerable persona.
For deeper insight into the behind the scenes of a hacker, including the techniques they are most likely to use to target your organisation and how best to defend against them, read more about Talion’s OSINTGlass service.
What is the Outcome?
Due to the increase in volume of phishing email attacks, security teams are overwhelmed.
As a result, 3 outcomes arise:
Organisations must therefore evaluate the efficiency of their security team, understand what is at the root of phishing and how it is viewed amongst their employees, and then take proactive steps to prevent it going forward.
5 Key Phishing Techniques To Be Aware Of:
1. EMAIL PHISHING
The most common phishing technique of them all – when a spam email is sent to a high number of recipients, often asking for money or pilfering personal information through a malware-infected link.
2. SPEAR PHISHING
Also known as an “impersonation attack”, this is an email targeting a specific user that appears as if it comes from a trusted source, often with a fake address or website that looks like the real one.
3. WHALING
These are fraudulent emails sent to/from the executive of an organisation, usually in an urgent tone, asking for quick access to sensitive information, a password, or a funds transfer to carry out a company function.
4. SMISHING/VISHING
Smishing uses texts or SMS in place of the emails used in traditional phishing, whilst vishing uses voice messages and robocalls. For example, a user may receive a call or text claiming to be from their bank, urgently demanding a response with a request for personal information or a link to click on.
5. ANGLER
This kind of phishing attack uses social media activity as an attack vector to retrieve information. For example, the angler notices a social media post complaining about a company’s service and intercepts the communication, responding to the disgruntled customer offering to make things right. The customer then shares personal information or clicks a link they otherwise wouldn’t have.
Some phishing methods are more prevalent than others, and often cyber criminals will take advantage of someone in a vulnerable situation to increase their chances of success. Talion’s Threat Intelligence team have been monitoring the activity of threat actors for over a decade and have highlighted some specific phishing methods organisations should be aware of.
Real-World Phishing Themes
Reply-Chain Attacks
The Emotet botnet is a prime example of leveraging reply-chain tactics to complete successful phishing attacks, using account takeover tactics – the biggest phishing problem at present. It was first discovered as a banking Trojan in 2014 and has since been used as a go-to solution for cybercriminals. Once an account has been compromised, Emotet scrapes the user’s emails, generating unique phishing templates that are sent out via the same compromised email account, as if it were a continuation of a previous conversation. In January 2021, there was an Emotet takedown, but many suspected its return. Sure enough, in early November 2021 it was back. Cofense believe that Emotet campaigns are likely to increase in volume over time and evolve with the cyber defenses deployed [3].
[3] Q4 2021 Cofense Phishing Review
COVID-Related Attacks
Since the start of the Covid-19 pandemic in 2020, the number of phishing attacks has more than doubled due to the transition to remote working. This is because vulnerable circumstances are like gold to a cyber-criminal; target victims at their weakest and it’s easier to extract what you want from them. Phishing attacks have been following themes such as the following [4]:
[4] Cofense Annual Report 2021
Arming HTML Files
Secure Email Gateways (SEGs) are supposedly a key problem for threat actors, since they validate an email’s sender in order to protect incoming and outgoing emails. However, it’s common for cyber criminals to now weaponise HTML files through malicious encoding. This increases the chances of attachments reaching inboxes in SEG-protected environments.
Excel-DNA
Excel-DNA involves the creation of XLL files as add-ins for Microsoft Excel – a very legitimate use for many workplaces. However, threat actors have taken these add-ins and configured their files to reach out to Discord’s content delivery network (CDN) to download and run malicious payloads. This has become a more prolific method for malware delivery, anticipated to increase in volume as more threat actors discover and modify new uses for Excel-DNA [5].
[5] Q4 2021 Cofense Phishing Review
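A mail-triage check for the two attachment themes above (HTML attachments that carry encoded script, and XLL add-ins), added here as an example and not taken from the guide or from Talion's tooling. The marker list, the function names and the sample message are assumptions constructed for illustration.

```python
import base64
import re
from email.message import EmailMessage

# Assumed heuristics, not taken from the guide: script-side decoders that let an
# HTML attachment rebuild its real content only when opened in a browser.
DECODERS = re.compile(rb"\b(atob|unescape|decodeURIComponent|String\.fromCharCode)\s*\(")
SCRIPT = re.compile(rb"<script\b", re.I)
DISCORD_CDN = b"cdn.discordapp.com"  # host name of Discord's CDN

def triage_attachments(msg):
    """Return (filename, reason) pairs for attachments to hold for analyst review."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        raw = part.get_payload(decode=True) or b""
        is_html = name.endswith((".html", ".htm")) or part.get_content_type() == "text/html"
        if is_html and SCRIPT.search(raw) and DECODERS.search(raw):
            findings.append((name, "HTML attachment decodes content in script"))
        # XLL add-ins are Windows DLLs, so they start with the PE "MZ" magic.
        if name.endswith(".xll") or raw[:2] == b"MZ":
            findings.append((name, "Excel add-in or other executable attachment"))
        # Embedded strings may be packed, so a miss here proves nothing.
        if DISCORD_CDN in raw:
            findings.append((name, "references Discord CDN"))
    return findings

def build_sample():
    """Constructed sample message with harmless attachments (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Re: invoice"
    msg.set_content("Please see attached.")
    blob = base64.b64encode(b"<b>hello</b>").decode()
    encoded_html = f'<html><script>document.write(atob("{blob}"))</script></html>'
    msg.add_attachment(encoded_html, subtype="html", filename="invoice.html")
    msg.add_attachment("<html><p>Plain notice</p></html>", subtype="html",
                       filename="notice.html")
    msg.add_attachment(b"MZ\x90\x00constructed-placeholder", maintype="application",
                       subtype="octet-stream", filename="Q4-report.xll")
    return msg

if __name__ == "__main__":
    for name, reason in triage_attachments(build_sample()):
        print(f"{name}: {reason}")
```

A hit is a reason to quarantine and review, not a verdict: legitimate HTML can also use these decoders, and XLL add-ins have genuine business uses.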
Monetising Phishing
Not only are cyber criminals targeting individuals for sensitive data such as credit card details, but they are targeting businesses, leaking corporate data to accelerate ransom payment. This can damage an organisation’s reputation and may even subject them to fines and penalties. First appearing in 2020, Avaddon ransomware is a key example of this, encrypting users’ data and threatening to make it public.
ORIGIN: China
TARGET: Ukraine
EXAMPLE: Chinese threat actor Scarab targeted Ukraine with HeaderTip malware through phishing emails (March 2022)
ORIGIN: Russia
TARGET: Europe
EXAMPLE: Nobelium, also known as APT29, used sophisticated spear-phishing techniques against the West, affecting platforms such as Microsoft Windows (June 2021)
ORIGIN: India
TARGET: China
EXAMPLE: The Patchwork APT Group used a custom set of tools to target high-profile diplomats and economists having foreign relations with China through spear phishing campaigns (since December 2015)
ORIGIN: Brazil
TARGET: Europe
EXAMPLE: A banking trojan, known as Metamorfo or Mekotio, abused AutoHotKey to evade detection and steal users’ information (March 2021)
Talion’s Threat Intelligence team provide contextual and actionable intelligence on real-world phishing events, how threat actors could pose a problem to your specific organisation, and the steps you can take to mitigate. For further details, read more here.
… and perhaps always will be.
The problem with phishing isn’t our gullibility – that’s what cyber criminals want us to think.
Phishing is a Problem Because…
What Can You Do?
To avoid financial loss and keep employees safe, organisations must consider a wide range of options for preventing phishing.
On a basic level, you can encourage employees to ask themselves the following questions when receiving an email:
However, educating employees to avoid clicking links isn’t enough, and ultimately it goes against our very instinct when using the internet. It is better to teach staff the tricks of the trade of how phishing tactics work in terms of timings, tone of voice, etc. As humans, we’re good at identifying robots and scams, but when social engineering tactics throw us off course, advanced anti-phishing solutions, such as MPDR, and threat analysis are needed above all else.
Discover how Talion’s MPDR service goes beyond staff training and increasing awareness.
Phishing is one of the primary threats facing organisations, and the reason it’s so successful is down to just how good threat actors have become at duping victims and exploiting our click-happy society.
Talion have gathered 5 of the best actions you can take to counteract phishing within your organisation.
Seek Actionable Intelligence
The more knowledge you have of cyber-attacks, phishing campaigns and the key methods used, the better your resiliency against phishing. Whether you are doing your own in-depth research or using a Threat Intelligence team, you can discover what is currently on high alert, how organisations are protecting their employees and predict what to look out for in the near future.
Act Immediately and Decisively
As with all cyber-attacks, time is of the essence, but this is a challenge for many security teams where in-house SOCs are overburdened with the overwhelming stream of constant security alerts. Organisations need to look to Managed Phishing Detection and Response (MPDR) for a 24×7 threat monitoring service that allows their security team to focus their attention on incident response instead, saving both time and resources.
Educate Employees (but this only goes so far)
Educating your employees plays a vital part in building awareness and encouraging reporting of suspicious content with a clear method and no-blame culture. Creating phishing simulations that closely align with what your organisation is most likely to experience will boost your overall resiliency and employee confidence. However, education only goes so far and doesn’t stop the threat from reaching the user. A wider anti-phishing plan, such as investing in an MDR service, can offer quicker and more accurate responses to cyber threats.
Protect Your Accounts
Account takeover is currently the biggest phishing problem. Malicious emails have the capability to bypass even the best software, so it’s important to take your own precautions where possible. Use a proxy server or up-to-date browser to protect users from malicious websites and consider multi-factor authentication (MFA) to increase resistance to phishing via login credentials. Services like OSINT can be helpful for identifying what sensitive information about users is available openly on the internet for threat actors to engineer into phishing attacks.
Listen to the Security Noise (or at least some of it)
There is endless chatter online regarding recent cyber-attacks and methods of best practice but, when it comes to security advice, Talion highly recommend paying attention to the NCSC. They share four layers you should build your security protections upon so that, if any actions or platforms slip up, there is always a reliable protection underneath it. Read about a specific case study here.
Fighting phishing is most effective when you are executing a combination of anti-phishing solutions, employee education and threat analysis. If you can support your IT security team to identify cyber-attacks quicker and take action, without wasting precious time and resources, that is crucial.
“We live in a click-society, be it email, text, or video link. Human curiosity makes anyone and everyone susceptible to a phishing attack, which is why they are so successful. Add in remote working and the problem is amplified. We know training and awareness only goes so far. Cyber-criminals know organisations care about their reputation and are likely to pay a ransom rather than fight back. They also know staff would rather stay silent rather than risk any consequences. We are here to put a stop to that.”
– Mike Brown, CEO at Talion
Why Ask for Help When it Comes to Phishing?
Organisations often make the mistake of thinking employee education is enough. However, employees will still click on links and attackers will always find new innovative ways to get them to do it. The most effective phishing solution needs security expertise to pull the phish apart, understand previous missed attacks and feed into existing security solutions of the company – one where employees can trust the security protections, rather than trusting themselves to do a computer’s job.
Ignoring the problem of phishing is the biggest mistake; it could initiate a successful attack which will turn customers away – the upfront work is more than worth your time and money.
Organisations have the option to:
Talion recommends outsourcing an MPDR service – a crucial step before starting any phishing education plan, to ensure security teams aren’t getting unnecessarily overwhelmed with security alerts.
The Talion Solution
Talion noticed two key issues surrounding phishing: the effortlessness of executing email phishing attacks and the sheer volume of them. Organisations need a service that comprises the right technology, processes and people to supplement both their existing technology and their in-house capabilities/resources to detect and stop phishing attacks quickly.
Talion’s Managed Phishing Detection and Response (MPDR) service is a round-the-clock solution that has been curated to:
The Benefits
✅ Ideal for organisations who lack the in-house expertise and/or resources to effectively detect, respond and stop phishing attacks
✅ Takes pressure off of overwhelmed security teams with 24×7 monitoring from expert analysts
✅ Offers best of breed phishing detection technology to identify and quarantine phishing emails quickly and effectively across the organisation
✅ Delivers actionable reporting that not only provides a holistic view but also allows organisations to calculate a clear ROI
✅ Gives power and control back to organisations who can have as much or as little input as they wish
✅ Can integrate with existing phishing reporting mechanisms, such as report buttons e.g. KnowBe4
✅ Can be standalone or integrated into Talion’s MDR portfolio
✅ SOAR capabilities to take automated remedial measures e.g. block an identified URL on firewall
✅ Shared phishing intelligence to leverage a network effect of phishing knowledge across Talion’s customer base
See Talion’s MPDR operating model and architecture below for further insight.
Want to find out more about Talion’s analyst capabilities, processes, technology and resources to detect and stop phishing attacks on a 24/7 basis?
Download the MPDR datasheet for more insight into what Talion’s services can do for you.