Virtualization Technology News and Information
VMblog Expert Interviews: Cyren Details the Latest in Phishing Attacks and Prevention Techniques

Launching a phishing attack has never been easier, given the proliferation of phishing kit sales and how easy it is to front phishing sites using free website hosting and domain name registrars. More than ever, it is important to understand phishing attacks and protect yourself from them.

To learn more, VMblog reached out to industry expert, Magni Reynir Sigurðsson, Sr. Manager, Detection Technologies at Cyren.

VMblog:  To kick things off, give readers a general overview of this Thrill of the Chase phishing attack and how it impacted the company.

Magni Reynir Sigurðsson:  There will always be cyber attacks targeting a large finance organisation like Chase Bank; however, the phishing campaign we monitored was particularly unusual due to the sustained increase in phishing sites targeting their account holders. We found a 300% increase in phishing URLs using the Chase brand, and each URL used a phishing kit to provide the web component, or backend, to the attack.

The attackers sent emails and text messages that had an 'urgent' call-to-action and a link which lured the victims to the attacker's phishing sites. For example, the attackers may have texted the victim to verify their information by following the provided link and threatened that they'd be locked out of their account if they didn't do so. The information the victim inputted, from credit card details, home addresses, passwords, and even their mother's middle name, was all stolen and stored on the cyber criminal's computer for later use. Often, the attackers package this stolen data and sell bundles of the passwords and other personal data on the dark web.

It is incredibly hard to prevent phishing attacks. American banks are required to have safeguards in place to prevent phishing and other forms of fraud but once one phishing kit is removed, another will pop up in its place.

VMblog:  What did you find most surprising about this phishing attack?

Sigurðsson:  The most surprising aspect about this attack was the sheer attack magnitude on Chase we witnessed. Out of the research we collected, Chase was the second most targeted brand behind Office 365. We found a correlation between the increase in URLs related to Chase and an increase in phishing kits built to mimic the Chase banking portal. Criminals have built a supply chain around phishing so that once built, the phishing infrastructure can be sold and deployed onto thousands of active web servers every day. The exposed personal data can then be used time and time again for further attacks, either by the same bad actors, or by different actors who have bought the data.   

VMblog:  Are you finding an uptick in phishing attacks and are they getting more sophisticated?

Sigurðsson:  I would describe the volume of phishing as having a consistent baseline with occasional peaks corresponding to events. For example, fraudsters know security teams are short-staffed during large national holidays so they will increase activity accordingly. They also increase activity around product launches and seasonal promotional events, like Amazon Prime Day.

Attackers are getting more sophisticated in their abilities to automate attacks and launch them on a large scale. The techniques employed for the actual attack are more agile than they are technologically advanced. For example, the phishing kits we analyzed combined multiple simple evasion techniques to avoid detection. Each simple technique is a known tactic, but using them in combination is a novel approach for the phishers. Also, the use of SMS to send messages is not sophisticated; however, it shows that fraudsters are adept at identifying trends in how people communicate.

VMblog:  What do companies need to look out for and what steps can companies take to prevent attacks like this in the future?

Sigurðsson:  Companies need to look out for a futureproof approach to this problem that allows them to gain a strategic advantage. While we will continue to use the word "phishing," the definition of it will evolve as attackers change techniques and vectors. Today, phishing is a catch-all term for malicious links and impostor attacks. In the future, phishing may describe any kind of social engineering attack through any digital channel. Cybersecurity leaders need to consider how they will protect digital workforces in an increasingly decentralized working environment outside of traditional centralized infrastructure and controls. Fusing principles of zero-trust with advances in machine learning and automation will go a long way to the kind of continuous and autonomous solution necessary to keep cybercriminals and fraudsters at bay.

VMblog:  What steps can companies take to prevent attacks like this in future?

Sigurðsson:  Companies need to impress on their employees and customers the necessity to take precaution when reading a text or email message that looks like it is from a legitimate source. Employees and consumers can do the following to improve their defences:
  • Avoid clicking on links provided in emails or text messages. If in doubt, you can contact the company via the website to check if the message is legitimate and if there is in fact any action you are required to take. There are often pages on the bank's website where customers and employees can find help on fraud and report phishing messages.
  • Slow down. Do not panic, even if the text or email message claims it is 'urgent'. Take the time to inspect the message for spelling errors and other inconsistencies. Make sure the URL in the browser location window is correct. If something seems fishy, it is probably phishy.
  • Companies can also add an extra layer of defence for their employees by installing inbox security solutions to scan emails for phishing activities. These solutions will not only provide ease of mind to the employees, but they will also reduce the burden on the already overstretched security teams.
##
Published Tuesday, November 16, 2021 7:31 AM by David Marshall