By Rahul Bogala, Director – IT Solution Engineering, Pre-sales and Products, Rahi
Phishing has become a rage among the threat actors, communities to start exploiting people. While the technique isn’t new, the rapid adoption of cloud technologies across the globe has created a new playground to begin executing their malicious intent. This has stirred concern in the CIOs
community which is already struggling to combat the ever-evolving cyber-attacks. What makes the situation worse is the speed at which threat actors can launch an attack on an enterprise.
In fact, as per Michael Connory, CEO of Security In Depth stated that it only takes a few minutes for experienced threat actors to attack an enterprise network. Furthermore, phishing techniques can take a heavy toll not only on an enterprise or industry but on the economy as a whole. In fact, as per a 2022 report from Hoxhunt, cyber-attacks cost the global economy a whopping $6 trillion. Given the substantial havoc phishing attacks can bring on an enterprise and the industry as a whole, CIOs should make themselves aware of the latest phishing attacks in 2023. Here are a few phishing techniques that CIOs should be aware of in 2023 and beyond:
Impersonated brand phishing
Brand impersonation scams are increasing rapidly. In fact, as per Checkpoint’s “2022 Q1 Brand Phishing Report,” phishing attacks impersonating known social networking entities made up over half (52%) of all attempts globally in the first quarter of 2022. This highlights a 44% increase compared to the previous quarter. Brand impersonation phishing attacks are often prevalent especially during the holiday season
when they send out multiple emails on the latest coupons to entice customers. Sadly, this also provides an opportunity for threat actors to impersonate the brand. They breach the network, take over accounts, do email spoofing, and much more.
Spear phishing
Spear phishing is another way threat actors compromise the security of an enterprise. It involves threat actors executing their malicious intent by impersonating the brand. For instance, if an employee receives an email from an unknown brand, they’ll know that it is a phishing attempt and delete it. However, if they receive an email for example, from their bank, they will more likely fall victim to a potential scam. This is an example of spear phishing.
With the advancement in automation and machine learning, threat actors are now equipped to send thousands of targeted spear phishing attacks with the potential to cripple the target. In 2022, of all the zero-hour attacks detected, 76% were spear phishing credential harvesting.
Geo-targeted Phishing Threats
Threat actors turn to geo-targeted phishing when targeting a specific country, region, or city. They often leverage data on current events, local customs, or language differences to make their phishing emails seem more believable. These threat attacks can also be challenging to identify since they use data easily accessible to the public. With phishing attacks continuously becoming more sophisticated, geo-targeted threats will continue to be a priority of CIOs in 2023 and beyond.
Multi-Factor Authentication (MFA) Phishing
MFA has garnered a reputation as being a robust defense against phishing attacks. But phishers have devised new ways to circumvent MFA by using evolving strategies. One such factor is “Phishing 2FA.” A type of phishing attack, MFA focuses on the second factor of authentication, usually, a one-time code either sent via text message or generated by an
authenticator application. These threat actors trick their target audience into providing their second-factor code by sending phishing emails or text messages. This enables the attacker to access the account even with the MFA in place.
Steps CIOs can take to tackle them
In 2023, CIOs should train their employees regarding brand impersonating practices. They should emphasise and regularly conduct security awareness practices that will significantly reduce security risks and thus create a safer environment for the overall IT enterprises. Another step enterprises can take to deter phishing attacks is by implementing anti-phishing security measures. For instance, using machine learning tools, CIOs can create gamified and tailored security training programs for each individual depending on their current level of awareness, position in the enterprise as well as browsing behavior. Furthermore, deploying anti- malware, antivirus, and anti-spam tools along with key applications are patched and updated. Continuously updated with evolving phishing techniques.
Although technology will enable CIOs to create better measures against security threats, it is equally important to note that these strategies are continuously evolving.
Hence, it is critical for enterprises to stay informed on the latest tactics used by phishers as well as implement multi-layered security solutions. Furthermore, CIOs should arm their employees with solutions that will help them to be smarter, more resilient, and more responsive.