About a year ago, when I was consulting with a data science company, I received an email from the company CISO asking me to urgently send him several Amazon gift cards so he could distribute them to customers at a conference. This was a common practice and my first instinct was to jump into action. I had worked with the CISO in various capacities, but it was perplexing that he would ask me for this errand and not someone on his team. So I tried to send him a message on Slack and found his Slack account blocked. After contacting IT Security, it became clear that (ironically) the CISO’s email had been compromised and I was the target of a phishing scam.
Email compromise combined with impersonation is a tactic used by phishing threats – though not as common as some other methods. Financial scams, brand impersonation and blackmail are some of the other tactics used in phishing.
The Move to Remote Work Presents New Opportunities
Last year, according to CSO Online, 94% of malware was delivered through email, and phishing scams accounted for more than 80% of reported cybersecurity attacks. Sadly, with the advent of the pandemic, the opportunities for these malicious attacks are growing, and it’s likely this trend will continue. A recent Gallup study shows that 62% of U.S. workers surveyed have worked remotely during the COVID-19 crisis.
Furthermore, the same study reports that three out of five people working remotely prefer to continue to do so even after the pandemic-related restrictions are lifted. Many organizations are considering offering flexible work arrangements on a more permanent basis.
Cybercriminals have clearly tapped into this new opportunity. COVID-19 phishing and spear phishing attacks have been multiplying exponentially since February of this year, with a huge spike starting at the beginning of March.
How About Email Gateways?
Most enterprises use email gateways to protect against phishing emails sent to their email server. Email gateways can be deployed as a cloud service, an on-premises appliance or bundled with the email service. Some security gateways even offer data loss prevention capabilities that stop malicious or inadvertent insider leakage of critical information. Email gateways do reduce the number of user compromises via email, but as we all know, reducing the number of attacks is not good enough.
As it happens, we are faced with adversaries who are very innovative (in a destructive way). These attackers are constantly finding new ways to bypass email gateways, and email vendors cannot react fast enough to stop them. For example, a recent whitepaper, “Five Major Security Threats,” shares details of a phishing approach that seeks to avoid detection by embedding malicious links within PDF files rather than within the email itself, where some email gateways can spot and quarantine them. When users open the PDF and click on a malicious link in it, they’ll be directed to a fraudulent webpage that looks exactly like a real page the users might expect to see.
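The evasion described above works only as long as the gateway scans the message body and not the link targets inside the attachment. The following added example (not code from the original post or from any vendor product) shows the defender's counterpart: pulling every `/URI` action out of a constructed PDF, including the hex-string encoding that a naive text search for "http" would miss, and checking each host against a constructed blocklist standing in for a URL-filtering feed.

```python
import re
from urllib.parse import urlsplit

# Constructed minimal PDF (not a real attachment) with two link annotations; their /URI
# actions use the two string encodings PDF allows, a literal string and a hex string.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (https://docs.example.com/invoice) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI <68747470733a2f2f6c6f67696e2e6578616d706c652e6e65742f73736f> >> >> endobj\n"
    b"%%EOF\n"
)

# Constructed blocklist standing in for a URL-filtering feed of known phishing hosts.
BLOCKED_HOSTS = {"login.example.net"}

# Matches "/URI (literal)" or "/URI <hex>"; literal strings may contain escaped parentheses.
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^)\\])*)\)|<([0-9A-Fa-f\s]*)>)")

def extract_uris(pdf_bytes: bytes):
    """Return every URI target in the PDF, decoding both string forms.
    Objects inside compressed streams must be inflated first (e.g. with a PDF library)."""
    uris = []
    for literal, hexstr in URI_RE.findall(pdf_bytes):
        if hexstr:
            raw = bytes.fromhex(hexstr.decode("ascii"))  # fromhex skips whitespace
        else:
            raw = re.sub(rb"\\(.)", rb"\1", literal)  # unescape \( \) and \\
        uris.append(raw.decode("latin-1"))
    return uris

def scan_attachment(pdf_bytes: bytes, blocked_hosts):
    """Classify each embedded link: 'blocked' if its host is on the feed, otherwise
    'unknown' so it can be handed to in-line ML classification or sandboxing."""
    verdicts = []
    for uri in extract_uris(pdf_bytes):
        host = (urlsplit(uri).hostname or "").lower()
        verdict = "blocked" if host in blocked_hosts else "unknown"
        verdicts.append((uri, host, verdict))
    return verdicts
```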
To make matters more complicated, email gateways have no control over many of the attack vectors used for phishing. These include personal email accounts running on company devices, social media and messaging apps – all of which are prone to phishing attacks. Clearly, as necessary as email gateways are, they are not enough to protect you against email-related attacks.
So How Do You Stop Phishing Attacks?
Employee security awareness and education are the first line of defense and an important part of protecting your organization against phishing attacks. But with busy and sometimes distracted employees multitasking and often running personal email and social media on their company devices, you need more than educated employees. Manual detection and response to phishing emails is complex, time-consuming and error-prone. To eliminate phishing threats effectively, you need the right security tools deployed across your environment. Here are a few recommendations to strengthen and layer your defenses:
URL filtering automatically prevents attacks that leverage the web as an attack vector, including phishing links in emails, phishing sites, HTTP-based command-and-control (C2) attacks, malicious sites and pages that carry exploit kits. URL Filtering stops phishing using multiple techniques:
1) Known phishing sites are automatically blocked.
2) New, unknown phishing sites are detected and blocked instantly with machine learning in-line.
3) In-process credential theft protection prevents users from mistakenly submitting their corporate credentials into unauthorized sites.
As soon as a user clicks on a link in a phishing email, a DNS request is generated. It’s impossible to keep up with the high volume of malicious domains constantly being generated, let alone advanced tactics like DNS tunneling. But a DNS Security service with machine learning can identify new malicious domains and quickly detect C2 or data theft hidden in DNS tunneling. DNS Security algorithms use historical and real-time shared threat intelligence to accurately detect tunneling behavior. Implemented at the network level, DNS Security cannot be bypassed and, unlike other DNS resolvers, requires no ongoing maintenance.
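To make the tunneling-detection idea concrete, here is an added example (not code from the original post or from any DNS Security product) that profiles constructed resolver log lines per registered domain and flags a domain whose subdomains look like encoded data chunks: many distinct labels, long, and high in Shannon entropy. The log format, the thresholds and the `tunnel.example` domain are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict
# Constructed resolver log lines (not from the original post): "<epoch> <client_ip> <qname> <qtype>".
# The first three are ordinary lookups; the rest mimic a tunnel, where each query carries a chunk
# of encoded data in a long, high-entropy subdomain label that is never repeated.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com A
1700000002 10.0.0.7 cdn.example.com AAAA
1700000003 10.0.0.9 mfrggzdfmztwq2lknbswy3dp.tunnel.example TXT
1700000004 10.0.0.9 onqwmzlhmv4w2zlrojsxg3bq.tunnel.example TXT
1700000005 10.0.0.9 krugkidrovuwg2zamvzxgk5t.tunnel.example TXT
1700000006 10.0.0.9 gezdgnbvgy3tqojqhe2wi4dx.tunnel.example TXT
1700000007 10.0.0.9 pb3wg5ljmq4tk2zyha5dsn3c.tunnel.example TXT
"""

def shannon_entropy(text: str) -> float:
    """Bits per character: encoded payload chunks score far higher than names like 'mail'."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_qname(qname: str):
    """(registered_domain, subdomain); simplified to the last two labels, use the Public Suffix List in production."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def collect_subdomains(log_text: str):
    """Map each registered domain to the set of distinct subdomains queried under it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the detector
        domain, sub = split_qname(parts[2])
        if sub:
            seen[domain].add(sub)
    return seen

def flag_tunneling(seen, min_unique=5, min_entropy=3.5, min_len=15):
    """Flag domains whose subdomains are many, long and high-entropy; thresholds are illustrative."""
    flagged = {}
    for domain, subs in seen.items():
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged[domain] = {"unique": len(subs), "avg_len": avg_len, "avg_entropy": round(avg_ent, 2)}
    return flagged
```

In practice the per-domain baseline would be built from historical traffic and refreshed continuously, which is what lets a short burst of novel, high-entropy labels stand out against a domain's normal query pattern.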
Security orchestration, automation, and response (SOAR) platforms use “phishing playbooks” that execute repeatable tasks at machine speed, identify false positives and prime the security operations center (SOC) for standardized phishing response at scale. These playbooks codify processes across security products and teams while automating high-quantity actions that can waste time.
A layered defense including Next-Generation Firewalls will create a strong fortress to secure your environment and give you the tools you need to detect and remediate any possible threats. The best part is that subscriptions such as the ones described above can be deployed quickly with a Next-Generation Firewall and benefit from shared intelligence at cloud scale, so that your remote workers are fully protected and don’t take the bait of phishing threats in this era of increased cyberattacks.
To learn more, read Five Major Security Threats and How to Stop Them.
This blog is part of a series, “Reality or Myth,” that covers common security threats and suggests best practices for mitigating them.