A recent report has outlined how individuals behind phishing attacks are taking more sophisticated approaches to improve their effectiveness against existing defences.
Despite organisations' vast investments in next-generation technology, the threat of phishing attacks continues to evolve, with increasingly intricate techniques. Cofense is a company that specialises in methods of intelligent defence against phishing threats. It believes strongly in training employees to guard against phishing so that they become part of a company’s armour against malware attacks.
In the brand new study, the company illustrates the ever-advancing arsenal of weapons and tactics used by threat actors. It lists ways the attackers continually step up their phishing campaigns with an enhanced capability to penetrate protective systems such as perimeter controls, with malware arriving as messages in end-user inboxes.
Cofense report findings
Statistics uncovered include the number of reported threats, itemised by credential phishing and BEC (Business Email Compromise) methods. In the period from October 2018 to March 2019, a total of 31,429 threats were reported by recipient end users after delivery to their inboxes. Of these attacks, 2,681 arrived via BEC and 23,195 used credential phishing.
Of these malicious attacks identified by Cofense, 90% were discovered in environments running single and multiple SEGs (Secure Email Gateways). A crucial element of defence against phishing, SEGs are still not impervious to attack.
The report from the phishing defence centre verified ShareFile, OneDrive and SharePoint as being among the most commonly violated cloud providers. It stated that malicious actors use geo-location to avoid analysis and detection by human researchers and security tools, allowing the malware to penetrate SEG defences.
Malware in motion
The techniques and tools of threat actors continue to advance. Cofense CTO and co-founder Aaron Higbee commented:
“Adversaries are constantly evolving their techniques and changing their infrastructure to complicate detection, meaning that indicators of compromise (IOCs) can grow stale extremely quickly.
“For holistic defence, users need to be prepared to identify and report any threats that do reach their inbox. Automated technical defence controls must be blended with a human element in today’s threat landscape. While timely threat intelligence helps head off attacks and drown out the noise so that SOC teams can prioritise and focus on the most pernicious threats.”
The Cofense report also identified an increase in attacks via public and open-source tools. Also on the rise is the use of authentic Microsoft Office 365 accounts to collect user credentials in order to enhance the success of malware delivery to user inboxes. Cofense describes end users as the final line of defence against these attacks when malware is able to slip past defences.
If your business utilises collaborative platforms like SharePoint and OneDrive, you may have questions and concerns about the security of your company data. At WM Reply, we are specialists in the use of Microsoft technology to facilitate the smooth running of business intranets. For advice on best practices and keeping your system safe, contact our team of experts.