Phishers are continually coming up with new tricks to get users to click on malicious links and share sensitive login information.
Enterprise phishing attacks predominantly take the form of simple credential phishing emails, i.e., attempts to trick an employee into entering a username/password on an attacker-controlled website.
Office 365 users are preferred targets. Successful attackers are using Microsoft’s hosted Office 365 infrastructure to pull off every phase of the attack. They send the phishing email from an Office 365 account and point the victims to a phishing page that is hosted on OneDrive or SharePoint.
This makes it near-impossible for traditional anti-phishing technology to block the attack. It also makes it more likely that the user will trust the phishing page and enter their login credentials.
BEC (Business Email Compromise) scammers are another group that successfully leverage phishing. They manage to steal millions from all types of organisations and private individuals, usually by compromising legitimate email accounts.
Among their latest tactics are payroll diversion (they impersonate employees to trick payroll administrators into updating employees’ bank account information, to deliver salaries to a bank account they control) and impersonating CEOs to trick employees into sending iTunes gift cards.
No industry vertical can afford to be complacent about the threat of phishing, and especially not those industries that rely heavily on email for business to business communications.
The future of phishing
60% of real phishing attacks that enterprises face are simple credential phishing, and these attacks will continue to succeed until organisations can get near-total coverage on push-based multi-factor authentication.
Once push-based MFA frustrates attackers, they will move to tricking employees into granting permissions to API-based SaaS applications (e.g., Slack, Github, Office365, Dropbox, etc.).
IT administrators should carefully track and catalog their cloud-enabled services. If they are looking for a good place to start, they should carefully examine Slack authorizations their technology teams have enabled.
In the meantime, though, successful cyber leaders are harnessing the power of a resilient workforce by using phishing simulations to ultimately minimize the threat. They are conditioning their workforce to recognise and report phishing emails and have operationalised those reports into a real-time work flow to stop real attacks.
The Cloud Consultancy provision, migrate and support Office 365; Office 365 Backup, Recovery and Business Continuity; Office 365 security solutions to protect against Phishing, Viruses and Malware; Design and Build Great Websites;Document Management solution for small business; Interim IT Director services