The Ultimate Phishing Guide (e-Book) - Talion

Phishing: The No. 1 attack vector.

96% of attacks are executed via email.

Is your organisation prepared?

 


 

In an era where digital footprints start growing earlier in an individual’s life, the internet is a source of unlimited information – a hacker’s dream. Children are born into a world where technology has become second nature. They learn to read, to write and to use a mobile phone. They know how to use systems and software often through simple trial and error, including the email inbox. But are they taught how to catch out a phish? Is anyone?

Phishing is a constant concern as individuals move in and out of their inboxes daily. By the end of 2022, it is projected to see a 600% increase¹. It’s no surprise that the pandemic has influenced this number greatly; with the shift to remote working, the number of phishing targets has increased as multiple networks are crossed, emails and messages have replaced in-person conversations, and we have been sucked into a virtual world where it’s easy to click the wrong link at the wrong time.

In Microsoft’s New Future of Work Report, 80% of security professionals said they had encountered increased security threats since the shift to remote working². Organisations must be increasingly vigilant; the statistics aren’t slowing anytime soon.

This guide will be a virtual journey into understanding phishing on a deeper level, how it may appear within your organisation, and what you can do to fight it.

You are not alone in identifying that phish.

Talion will help you catch it.

 

1 Cofense Anti-Phishing Solutions

2 Microsoft Future of Work Report

 

What Is Phishing?

Phishing is a social engineering tactic where emails are sent to a number of recipients, intending to manipulate them into either revealing personal information or downloading malicious software, for example ransomware, to their infrastructure.

Usually, the cyber-criminal has 4 goals in mind:

  • Steal data
  • Steal money
  • Compromise user computer system accounts
  • Transport and deploy malware and ransomware

 

Behind the Scenes of Phishing…

The reason phishing is so prevalent is because of the following:

1) Personal Information is Easily Obtainable

Due to an increased digital footprint in today’s era of social media, hackers can more easily obtain email addresses and filter them into a list of targets.

2) It Costs Almost Nothing

Phishing pages are inexpensive to host with very low upkeep cost. It’s, therefore, no surprise that hackers take this approach; they can easily change the infrastructure of malicious webpages in alignment with their current goals, whether that is taking advantage of a global crisis or targeting a specific vulnerable persona.

For deeper insight into the behind the scenes of a hacker, including the techniques they are most likely to use to target your organisation and how best to defend against them, read more about Talion’s OSINTGlass service.

 

What is the Outcome?

Due to the increase in volume of phishing email attacks, security teams are overwhelmed.

As a result, 3 outcomes arise:

  • There is an increased risk of the phish not being detected
  • Analysts are diverted away from higher value tasks
  • Analysts are demotivated due to the repetitive nature of the task

Organisations must therefore evaluate the efficiency of their security team, understand what is at the root of phishing and how it is viewed amongst their employees, and then take proactive steps to prevent it going forward.

 

The Different Methods Of Phishing

 

 

5 Key Phishing Techniques To Be Aware Of:

 

1. EMAIL PHISHING

The most common phishing technique of them all – when a spam email is sent to a high number of recipients, often asking for money or pilfering personal information through a malware-infected link.

 

2. SPEAR PHISHING

Also known as an “impersonation attack”, this is an email targeting a specific user that appears as if it comes from a trusted source, often with a fake address or website that looks like the real one.

 

3. WHALING

These are fraudulent emails sent to/from the executive of an organisation, usually in an urgent tone, asking for quick access to sensitive information, a password, or a funds transfer to carry out a company function.

 

4. SMISHING/VISHING

Smishing uses texts or SMS in place of the emails used in traditional phishing, whilst vishing uses voice messages and robocalls. For example, a user may receive a call or text claiming to be from their bank, urgently demanding a response with a request for personal information or a link to click on.

 

5. ANGLER

This kind of phishing attack uses social media activity as an attack vector to retrieve information. For example, the angler notices a social media post complaining about a company’s service and intercepts the communication, responding to the disgruntled customer offering to make things right. The customer then shares personal information or clicks a link they otherwise wouldn’t have.

 

Some phishing methods are more prevalent than others, and often cyber criminals will take advantage of someone in a vulnerable situation to increase their chances of success. Talion’s Threat Intelligence team have been monitoring the activity of threat actors for over a decade and have highlighted some specific phishing methods organisations should be aware of.

 

Real-World Phishing Themes

 

Reply-Chain Attacks

The Emotet botnet is a prime example of leveraging reply-chain tactics to complete successful phishing attacks, using account takeover tactics – the biggest phishing problem at present. It was first discovered as a banking Trojan in 2014 and has since been used as a go-to solution for cybercriminals. Once an account has been compromised, Emotet scrapes the user’s emails, generating unique phishing templates that are sent out via the same compromised email account, as if it were a continuation of a previous conversation. In January 2021, there was an Emotet takedown, but many suspected its return. Sure enough, in early November 2021 it was back. Cofense believe that Emotet campaigns are likely to increase in volume over time and evolve with the cyber defenses deployed³.

 

3 Q4 2021 Cofense Phishing Review

 

COVID-Related Attacks

Since the start of the Covid-19 pandemic in 2020, the number of phishing attacks has more than doubled due to the transition to remote working. This is because vulnerable circumstances are like gold to a cyber-criminal; target victims at their weakest and it’s easier to extract what you want from them. Phishing attacks have been following themes such as the following⁴:

  • Pandemic updates and guidance purporting to be from global, federal or local health organisations
  • Fake updates on remote working changes – company news and meeting invites
  • Financial claims related to COVID-19
  • COVID-19 office infection data and contact tracing

 

4 Cofense Annual Report 2021

 

Weaponising HTML Files

Secure Email Gateways (SEGs) are supposedly a key problem for threat actors, since they validate an email’s sender in order to protect incoming and outgoing emails. However, it’s common for cyber criminals to now weaponise HTML files through malicious encoding. This increases the chances of attachments reaching inboxes in SEG-protected environments.
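One way a mail-handling pipeline can look for the encoded HTML attachments described above is sketched here. This is an added example, not Talion's tooling; the indicator names, regular expressions and thresholds are assumptions, and the sample message is constructed with a harmless payload.

```python
import base64
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristics only (assumed thresholds): signs that an HTML attachment
# rebuilds its real content at open time from an encoded blob.
DECODER_CALL = re.compile(
    r"\b(?:atob|unescape|decodeURIComponent|eval)\s*\(|String\.fromCharCode", re.I)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
ESCAPES = re.compile(r"%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}|&#x?[0-9a-f]+;", re.I)


def inspect_html(text):
    """Return the list of encoding indicators found in one HTML document."""
    findings = []
    if DECODER_CALL.search(text):
        findings.append("decoder-call")
    if B64_RUN.search(text):
        findings.append("long-base64-run")
    if len(ESCAPES.findall(text)) > 50:
        findings.append("dense-escapes")
    return findings


def triage(raw_message):
    """Map each HTML attachment's filename to its findings."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        is_html_file = name.lower().endswith((".htm", ".html"))
        is_html_attachment = (part.get_content_type() == "text/html"
                              and part.get_content_disposition() == "attachment")
        if is_html_file or is_html_attachment:
            # decode=True undoes the base64 / quoted-printable transfer encoding
            body = part.get_payload(decode=True) or b""
            report[name or "(unnamed)"] = inspect_html(body.decode("utf-8", "replace"))
    return report


def build_sample():
    """Constructed message: one encoded HTML attachment, one plain one."""
    blob = base64.b64encode(b"<p>constructed placeholder</p>" * 10).decode()
    encoded = f'<html><body><script>document.write(atob("{blob}"))</script></body></html>'
    plain = "<html><body><p>Quarterly report attached for review.</p></body></html>"
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachments.")
    msg.add_attachment(encoded, subtype="html", filename="invoice.html")
    msg.add_attachment(plain, subtype="html", filename="report.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, findings in triage(build_sample()).items():
        print(filename, findings or "no indicators")
```

Findings like these are triage signals for an analyst or a sandbox queue rather than a verdict, since legitimate HTML can also embed encoded data.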

 

Excel-DNA

Excel-DNA involves the creation of XLL files as add-ins for Microsoft Excel – a very legitimate use for many workplaces. However, threat actors have taken these add-ins and configured their files to reach out to Discord’s content delivery network (CDN) to download and run malicious payloads. This has become a more prolific method for malware delivery, anticipated to increase in volume as more threat actors discover and modify new uses for Excel-DNA⁵.

5 Q4 2021 Cofense Phishing Review

 

Monetising Phishing

Not only are cyber criminals targeting individuals for sensitive data such as credit card details, but they are targeting businesses, leaking corporate data to accelerate ransom payment. This can damage an organisation’s reputation and may even subject them to fines and penalties. First appearing in 2020, Avaddon ransomware is a key example of this, encrypting users’ data and threatening to make it public.

 

The Top Phishing Spots

 

 

ORIGIN: China

TARGET: Ukraine

EXAMPLE: Chinese threat actor Scarab targeted Ukraine with HeaderTip malware through phishing emails (March 2022)

 

ORIGIN: Russia

TARGET: Europe

EXAMPLE: Nobelium, also known as APT29, used sophisticated spear-phishing techniques against the West, affecting platforms such as Microsoft Windows (June 2021)

 

ORIGIN: India

TARGET: China

EXAMPLE: The Patchwork APT Group used a custom set of tools to target high-profile diplomats and economists having foreign relations with China through spear phishing campaigns (since December 2015)

 

ORIGIN: Brazil

TARGET: Europe

EXAMPLE: A banking trojan, known as Metamorfo or Mekotio, abused AutoHotKey to evade detection and steal users’ information (March 2021)

 

Talion’s Threat Intelligence team provide contextual and actionable intelligence on real-world phishing events, how threat actors could pose a problem to your specific organisation, and the steps you can take to mitigate. For further details, read more here.

 

Phishing Is An Ongoing Saga…

… and perhaps always will be.

The problem with phishing isn’t our gullibility – that’s what cyber criminals want us to think.

 

Phishing is a Problem Because…

  • Attacks have evolved using more-sophisticated techniques and attackers are changing tactics quickly to evade detection and best convince recipients to act
  • Secure Email Gateways, anti-spam and signature-based antivirus need to be supplemented for protection against more-targeted, sophisticated and advanced attacks
  • Despite Google and Microsoft’s continued investment in G Suite and Office 365 security improvements, many clients report dissatisfaction with native capabilities and are, therefore, choosing to supplement with third-party products
  • Blame is pushed onto individuals for “falling for a phish”, causing victims to remain silent due to fear of punishment and increasing the time it takes to remediate the phish

 

What Can You Do?

To avoid financial loss and keep employees safe, organisations must consider a wide range of options for preventing phishing.

On a basic level, you can encourage employees to ask themselves the following questions when receiving an email:

  • Do I know and trust this person that has reached out to me?
  • Do their details and tone of voice sound authentic and/or familiar?
  • Is this urgent – can I double check with a second party before taking action?
  • Do the links and/or attachments seem legitimate? (hover over to check the URL)

 

 

However, educating employees to avoid clicking links isn’t enough, and ultimately it goes against our very instinct when using the internet. It is better to teach staff the tricks of the trade: how phishing tactics work in terms of timing, tone of voice, etc. As humans, we’re good at identifying robots and scams, but when social engineering tactics throw us off course, advanced anti-phishing solutions, such as MPDR, and threat analysis are needed above all else.

Discover how Talion’s MPDR service goes beyond staff training and increasing awareness.

 

5 Tips To Fight Phishing

Phishing is one of the primary threats facing organisations, and the reason it’s so successful is down to just how good threat actors have become at duping victims and exploiting our click-happy society.

Talion have gathered 5 of the best actions you can take to counteract phishing within your organisation.

 

Seek Actionable Intelligence

The more knowledge you have of cyber-attacks, phishing campaigns and the key methods used, the better your resiliency against phishing. Whether you are doing your own in-depth research or utilising a Threat Intelligence team, you can discover what is currently on high alert, how organisations are protecting their employees and predict what to look out for in the near future.

 

Act Immediately and Decisively

As with all cyber-attacks, time is of the essence, but this is a challenge for many security teams where in-house SOCs are overburdened with the overwhelming stream of constant security alerts. Organisations need to look to Managed Phishing Detection and Response (MPDR) for a 24×7 threat monitoring service that allows their security team to focus their attention on incident response instead, saving both time and resources.

 

Educate Employees (but this only goes so far)

Educating your employees plays a vital part in building awareness and encouraging reporting of suspicious content with a clear method and no-blame culture. Creating phishing simulations that closely align with what your organisation is most likely to experience will boost your overall resiliency and employee confidence. However, education only goes so far and doesn’t stop the threat from reaching the user. A wider anti-phishing plan, such as investing in an MDR service, can offer quicker and more accurate responses to cyber threats.

 

Protect Your Accounts

Account takeover is currently the biggest phishing problem. Malicious emails have the capability to bypass even the best software, so it’s important to take your own precautions where possible. Use a proxy server or up-to-date browser to protect users from malicious websites and consider multi-factor authentication (MFA) to increase resistance to phishing via login credentials. Services like OSINT can be helpful for identifying what sensitive information about users is available openly on the internet for threat actors to engineer into phishing attacks.

 

Listen to the Security Noise (or at least some of it)

There is endless chatter online regarding recent cyber-attacks and methods of best practice but, when it comes to security advice, Talion highly recommend paying attention to the NCSC. They share four layers you should build your security defences upon so that, if any actions or platforms slip up, there is always a reliable defence underneath it. Read about a specific case study here.

 

Fighting phishing is most effective when you are executing a combination of anti-phishing solutions, employee education and threat analysis. If you can support your IT security team to identify cyber-attacks quicker and take action, without wasting precious time and resources, that is crucial.

 

 

“We live in a click-society, be it email, text, or video link. Human curiosity makes anyone and everyone susceptible to a phishing attack, which is why they are so successful. Add in remote working and the problem is amplified. We know training and awareness only goes so far. Cyber-criminals know organisations care about their reputation and are likely to pay a ransom rather than fight back. They also know staff would rather stay silent rather than risk any consequences. We are here to put a stop to that.”

– Mike Brown, CEO at Talion

 

 

How Talion Can Offer Support

 

Why Ask for Help When it Comes to Phishing?

Organisations often make the mistake of thinking employee education is enough. However, employees will still click on links and attackers will always find new innovative ways to get them to do it. The most effective phishing solution needs security expertise to pull the phish apart, understand previous missed attacks and feed into existing security solutions of the organisation – one where employees can trust the security defences, rather than trusting themselves to do a computer’s job.

Ignoring the problem of phishing is the biggest mistake; it could initiate a successful attack which will turn customers away – the upfront work is more than worth your time and money.

 

Organisations have the option to:

  • Build in house experts
  • Keep using their SOC
  • Outsource to experts

 

Talion recommends outsourcing an MPDR service – a crucial step before starting any phishing education programme, to ensure security teams aren’t getting unnecessarily overwhelmed with security alerts.

 

The Talion Solution

Talion noticed two key issues surrounding phishing: the effortlessness of executing email phishing attacks and the sheer volume of them. Organisations need a service that comprises the right technology, processes and people to supplement both their existing technology and their in-house capabilities/resources to detect and stop phishing attacks quickly.

 

 

Talion’s Managed Phishing Detection and Response (MPDR) service is a round-the-clock solution that has been curated to:

  • Minimise the number of phishing emails reaching users
  • Reduce the levels of resource and personnel managing the volume of attacks
  • Present a clear ROI calculation on the reduction of future ransomware pay-outs
  • Empower organisations and staff with an anti-phishing service that also detects infection

 

The Benefits

✅ Ideal for organisations who lack the in-house expertise and/or resources to effectively detect, respond to and stop phishing attacks

✅ Takes pressure off of overwhelmed security teams with 24×7 monitoring from expert analysts

✅ Offers best of breed phishing detection technology to identify and quarantine phishing emails quickly and effectively across the organisation

✅ Delivers actionable reporting that not only provides a holistic view but also allows organisations to calculate a clear ROI

✅ Gives power and control back to organisations who can have as much or as little input as they wish

✅ Can integrate with existing phishing reporting mechanisms, such as report buttons e.g. KnowBe4

✅ Can be standalone or integrated into Talion’s MDR portfolio

✅ SOAR capabilities to take automated remedial measures e.g. block an identified URL on firewall

✅ Shared phishing intelligence to leverage a network effect of phishing knowledge across Talion’s customer base

 

See Talion’s MPDR operating model and architecture below for further insight.

 

 

Want to find out more about Talion’s analyst capabilities, processes, technology and resources to detect and stop phishing attacks on a 24/7 basis?

Download the MPDR datasheet for more insight into what Talion’s services can do for you.

 

Contact us below:

T: 0800 048 5775

E: hello@talion.net

 

 