It’s Cybersecurity Awareness Month – don’t fall for the phish. Phishing – when a bad actor poses as a reputable sender in order to gain access to information, credentials, or deploy malware (including ransomware) – is one of the biggest issues in cybersecurity today. In 2020, phishing was responsible for over $54 million worth of losses in the United States alone according to the FBI Internet Crime Report, the number of cases more than doubling since 2019.
Phishing can bypass sophisticated perimeter security by preying on busy users with divided attention. Even the most innocuous email can be a phishing attack. A link to a birthday card from grandma can actually be a bad actor; a note from a manager can be sent from a false email address. Techniques have become more advanced, and a phishing email can be extremely difficult to spot.
The consequences of falling for a phishing attack can be catastrophic. Once the phisher has obtained the desired information, they can use it to obtain false credentials, pretending to be the person they phished. This stage of the attack is especially dangerous in cyber environments where there is no assumption of breach and therefore inadequate verification of identity transactions. In those cases, the phisher is granted full access to everything the phishing victim had. Through lateral movement, these credentials can be used to perform larger, more devastating attacks.
How to combat the phish
The first line of defense is to employ a secure email gateway and post-delivery protections. Next, make certain your users are well-trained in spotting phishing attempts through tailored simulations and tests like those offered through QOMPLX’s Offensive Security Services. Consistently encourage your users to carefully examine emails and texts and not click on suspicious links. Even with precautions, someone in the organization falling for a phishing attack is still quite likely.
Managing privileges so that credentialed users on a system only have access to what they need through the principle of least privilege is one way to reduce damages. Having users that are too highly privileged, makes a hacker’s job much easier. QOMPLX Privilege Assurance identifies weaknesses in Active Directory environments and helps organizations limit the blast radius of each user in the event they are compromised.
Once a bad actor has gained entry into the infrastructure through phishing, it’s incredibly important to detect lateral movement, credential compromise, and privilege escalation attacks in real-time. These attacks can only be accurately detected with a massively scalable tool that can monitor and validate all identity-related transactions. QOMPLX Identity Assurance provides solutions for both the Cloud and on-premises servers by validating that each user who requests access is truly who they say they are.
Phight the phish! Be careful, be aware, and make sure everyone is who they say they are on your network.