Essential Steps for a more effective Phishing Mitigation Plan

Written By Guest User
illustration of a fishhook in an envelope with money falling out, a laptop

Sivan Tehila, co-authored by Jacob Leichter

As the Russia-Ukraine conflict continues to rage on, the attack surface has expanded beyond physical borders and into the cyber arena. Opportunists and state-sponsored threat actors have all begun to take advantage of the turmoil by launching campaigns against governmental, military, and corporate bodies in Eastern European and Western nations. This is not particularly out of the ordinary, as many of these entities have already been the targets of malicious parties prior to the current geopolitical situation. What has changed is the frequency of attacks, with some vendors detecting as much as an eightfold increase since the end of February 2022. The majority of these are phishing scams, a common method used by threat actors to either implant malware on a device or to steal credentials for access into a network.

Phishing and its various counterparts, like SMShing, vishing, whaling, etc., are not a new phenomenon. Social engineering tactics have been employed for decades, if not centuries. However, threat actors are constantly devising new techniques to remain one step ahead of security practitioners. One potential, novel approach is a Browser in the Browser (BitB) attack, first described by mr.d0x, an acclaimed information security researcher, in March 2022. This tactic uses HTML or CSS to craft near-perfect replicas of popup authentication windows from various websites. Leveraging JavaScript functions can make the URL seem legitimate, making BitB a maneuver that can dupe even the most careful of Internet users.

Threat actors wield exceptional levels of craftiness and innovation when waging phishing campaigns against potential victims. An operation can be run so smoothly that the target may not even realize what has occurred. Given the recent spike in such attacks, particularly against high-profile Western and NATO-aligned establishments, now is the best time to reevaluate existing plans of action or to develop a new defense strategy. Here a few tips to creating effective mitigations against phishing.

1. Stop Attacks Before They Reach Their Marks

Phishing campaigns can take various forms, but they often begin with an email. Vishing attacks use phone calls as their method of information collection. Some of these are very convincing, with the contents and even sender addresses in an email being nearly indistinguishable from their legitimate counterparts. Because of the high degree of similarity or plausibility, many users may fall victim to the ploy and divulge information. The problem, it appears, is when the attack reaches its mark.

To help mitigate this threat, organizations should employ spam blockers on their email clients. These tools can filter out messages from unrecognized addresses or messages containing suspicious links, files, etc. Similarly, caller ID and scam detection can be implemented on cell phones to screen incoming calls and warn users before they pick up. In this manner, the fraudulent communications never reach their intended recipient, minimizing the likelihood of anyone falling for the scheme.

2. Require Multifactor Authentication

A threat actor may impersonate a helpdesk technician or use a Browser in the Browser attack as part of their campaign. An unwitting employee may fall for the ruse and give up their credentials. This gives the malicious party an ingress into the network, granting them the ability to navigate to more privileged accounts to exfiltrate sensitive data, interrupt business operations, or execute other destructive plans.

Multifactor authentication (MFA) is an added layer of security and should be a required practice for all organizations. MFA employs the combination of a classic login with a secondary authentication method, which can include a biometric scan, a one-time code sent to or retrieved from a smartphone, or even a geolocation requirement. These extra means of verification can rarely, if ever, be accessed by attackers. Even if a username and password is stolen, MFA can prevent those credentials from being useful. Additionally, if an employee receives a one-time code on their phone but did not attempt a login, it serves as a warning of potential compromise and indicates the need for immediate investigation into the source of the breach.

3. Keep Antivirus/Antimalware Updated

Phishing emails may include files or links with malicious payloads. These payloads can install malware onto the victim’s endpoint, which can give the threat actor backdoor access onto the device or execute automatic functions that corrupt data or interrupt normal operations. The malware may be a well-known bug with identified signatures. If this is the case, then antivirus solutions would be able to catch the program and contain it before it can cause too much damage.

Because of this possibility, it is crucial to regularly update antivirus and antimalware solutions to recognize known malware signatures. Updates should be rolled out on a regular basis to all endpoints across the network. Ideally, these updates should take place during off hours to avoid any interruptions to business operations.

4. Hold Regular User Trainings

This is perhaps the single most important piece of advice regarding defense against phishing. The human user is the weakest element in the security chain. They may also be targeted first by cybercriminals looking to breach a network. As such, users must be properly trained in safe Internet practices and informed about what could indicated a potential phishing campaign. Simulations should be incorporated into the trainings to make it more applicable to real-world scenarios and to make the experience more engaging and interactive.

Trainings are most effective if conducted at regular intervals. This, coupled with reminders posted around the office, helps to keep safe Internet behaviors at the forefront of employees’ minds while at work. There should also be a way to report suspicious emails to the security team. Additionally, management must create an environment where employees are not punished or targeted for falling victim to a phishing attack; rather, they should be given supplemental trainings. Doing this ensures that employees will feel comfortable disclosing their mistakes and be more willing to learn from the incident.

Phishing campaigns can be difficult to spot, making them a slippery attack vector with a high chance of success. This may be discouraging to security teams and frustrating to senior management looking to protect their organization’s resources from malicious parties. However, there are steps that can help mitigate the damage caused by this ever-popular tactic. Using multifactor authentication and up-to-date antivirus solutions are good defenses for the machine side of the enterprise. The best protection is training users to be aware of phishing attacks and how to navigate the Internet safely and responsibly. Remaining vigilant to best practices as they pertain to the users and endpoints of an organization are the most effective steps to creating a strong security posture against phishing.

Guest User
Previous

The Purview of a CISO
Next

5 Tips to Maximize Your SIEM/SOAR Capabilities