The continued attempted hacks against computers used by the staff for political parties and citizen groups at the core of our deliberative political system is increasingly disturbing. Phishing attacks, traditionally associated with the banking and financial industry, were at the very center of the attack on our election in 2016. It demonstrated how phishing attacks are rapidly spreading to any company with a website requiring customers to login and share their personally identifiable information.
Phishing is one of the most popular attack vectors for stealing user credentials, allowing cybercriminals to gain access to a user’s system and help themselves to sensitive data. The 2019 Verizon Data Breach Investigations Report reveals that phishing remains the number one cause of data breaches. It’s been around for decades, because it’s one of the most reliable ways to overtake a target’s accounts.
A post-mortem of the phishing campaign that compromised the emails of the Democratic National Convention revealed that Russian GRU hackers sent almost 30 phishing emails to various targets at the DNC before they succeeded. That’s the advantage of being a hacker: they only have to be successful once. But a defender has to be successful every time.
And yet, even with the benefit of hindsight and post-mortem forensics, the U.S. just experienced a case of “Déjà Vu” when reports broke that nation-state hackers targeted staffers for the Trump re-election campaign. Microsoft disclosed that during the months of August and September, Iranian hackers launched 2,700 attempts to identify specific target email accounts, including those belonging to current and former U.S. government officials, journalists, and Iranians living outside Iran. They ultimately attacked 241 of those and successfully compromised four—none of which were associated with the U.S. presidential candidate or government officials. This group is also reportedly targeting cybersecurity researchers using the same tactics.
Such successful attacks haven’t gone unnoticed, and in recent years, businesses and security vendors have focused on detecting phishing emails and training employees to spot signs of phishing campaigns. Blocking suspicious emails and building employee awareness are a good start, but this approach doesn’t extend to the most vulnerable target: a company’s customers. Customers use a wide variety of email systems that aren’t under a company’s control, and they rarely undertake any formal security training, making them soft targets.
Worse yet, these phishing attacks are relatively easy for a hacker to execute. The first step typically involves copying a website containing a login page used by target customers, then tweaking that page to steal the credentials. Free, easy-to-use applications make this a snap. The hacker then hosts the website on a server, usually employing a URL that looks authentic but is subtly incorrect (such as “bankofcmerica.com”). The hacker sends phishing emails with links pointing to the spoof site, and then harvests credentials from the deceived customers.
Pitfalls of Legacy Phishing Detection Tools
To detect these attacks, most organizations take the approach of trying to find the spoof sites–searching for brand images and relevant content that has been copied from the original site. Domain registration monitoring (e.g. looking for domains with slight misspellings) can be helpful as well. But these approaches have substantial limitations, such as:
A more sensible approach is to focus on early detection and a smarter mitigation strategy that is painful to the attacker and provides actionable data for targeted organizations. Using patented beacon technology, Allure detects a spoof websiteas soon as it’s viewed by the first visitor during a phishing attack. This helps security teams initiate the takedown process immediately while simultaneously collecting information about the victims and striking back at the hacker. The Allure SaaS solution goes beyond current approaches to phishing detection and helps organizations in the following ways:
Modern Phishing Attacks Require a Modern Approach
It’s time to get proactive about a pervasive security problem that is only increasing as more transactions between businesses and customers move online. To find out more about how the Allure SaaS solution can significantly improve your business’s response time to potential phishing attacks, protect customer data and preserve brand reputation, contact us today.
Posted by admin