What is a phishing attack?
Phishing is a form of social engineering attack, where the attacker sends malicious messages such as emails or SMS messages to potential victims in order to steal personal information such as credentials, bank information, or credit card number. It can also be used to trick the recipient into installing malicious software like ransomware or other phishing software.
There are additional types of phishing, and phishing attack malware, that describe more specific use cases:
- Spearphishing - This is a phishing campaign that is tailored for specific companies or even individuals.
- Whaling – This phishing attack tries to trick the victims into transferring large sums of money to an attacker, by impersonating a high-ranking individual such as a CEO, COO etc.
How does phishing work?
Attackers can gain personal information through phishing by sending malicious links that lead to an attacker-controlled website. This website can be a copy of a legitimate website (such as a company login portal or a bank website), tricking the victim into inserting their credentials. This technique can also be used to steal a second login factor such as OTP (One Time Password).
Another method attackers use is to either send malicious attachments or links. These links lead the victim to a malicious website where malware is downloaded.
Phishing attacks examples
As all organizations rely on emails for their daily business, email is utilized by all types of threat actors, against all private and even governmental sectors. Attacks often bypass anti phishing software, allowing phishing attack malware to pass through or personal information to be compromised.
- A China-aligned threat actor used spearphishing to compromise European government agencies involved with Ukrainian refugees. The threat actor was able to compromise a Ukranian armed service member’s account and use it to target government personnel in charge of the transportation of refugees. The phishing emails contained malicious attachments that downloaded the SunSeed malware. Sunseed is later used to send additional directives, spread inside the infected network, and gather intelligence regarding the organization and movement of refugees across Europe.
- Infamous ransomware gangs such as Conti and REvil utilized spearphishing on a routine basis to gain initial access to their victims. Once they gained access, they were free to perform lateral movement and further compromise their victims until they were ready to release their ransomware and extort their victims.
- Text messages are also heavily utilized to trick employees into disclosing their credentials. Recently Twilio disclosed a data breach where spearphishing text messages were used to trick employees into thinking they need to reset their passwords through a specific link. Once they clicked this link, they were redirected to a malicious site that impersonated Twilio sign-in page, where their credentials were effectively stolen. These credentials then were used to access the personal data of 163 customers, with a user base of 270,000.
- One of the biggest whaling attacks cost the CEO of FACC his job, after the company lost approximately 50 million euros to a phishing scam. The attackers impersonated an executive and tricked the victim into transferring large sums of money to the attacker's account.
Challenges of preventing phishing attacks
Phishing attacks are tricky to defend against, as they target vulnerabilities in humans, instead of computers. While there are common-sense protections that can be taught to employees (such as not clicking unknown links from an unknown source and not opening suspicious attachments), these are far from perfect. Not only because people are imperfect, but because many companies employ people whose entire job is to open emails and attachments from unknown sources.
Another challenge of preventing phishing attacks is that it can come in many forms: emails, text messages, and even social media. These are channels that are almost impossible to block by phishing security software. Simply put, one cannot firewall an employee’s emails – let alone text messages or social media.
Preventing a “Successful” Attack
The conclusion is that a phishing attack malware is probably going to get through at one point or another and reach several of your employees. However, with the proper defenses, even the most sophisticated phishing campaign can be mitigated by implementing defenses that tackle a successful phishing attack, instead of trying to only block the phishing messages themselves.
- MFA everything: Even after a successful phishing campaign that stole credentials, these credentials become useless to an attacker if every access is protected with MFA.
- Use Strong MFA: Simple MFA such as text messages or push notifications can be bypassed with various forms of phishing (or push notification spamming). Use strong MFA that can’t be hijacked such as number matching or FIDO tokens.
- Microsegmentation: When phishing attacks manage to install malware on a host, microsegmentation ensures that other hosts in the network are protected because lateral movement or exploiting a vulnerability is not possible once there is no network access to other hosts.
- Secure transfer processes: Make sure that the transfer of funds goes through a secure process (especially for high sums) that blocks transfers to unknown accounts without proper authorization.
The Zero Networks solution
Zero Networks is an MFA-based microsegmentation solution, that enables a fast and easy way to achieve Zero Trust posture. This posture protects your organization against phishing attacks that breach the network from spreading to additional assets inside your network. Our just-in-time (JIT) access ensures that even stolen credentials through phishing cannot be used to spread, as the attackers does not have the required MFA to access any privileged services.
About Zero Networks
Zero Networks is solving the biggest challenge in cybersecurity: making military-grade network security available to everyone. Using MFA along with microsegmentation at scale creates a new paradigm: microsegmentation actually works! And it is fast, easy, effective, and deployable by anyone. This modern approach is self-service and automated, eliminating the need for agents while leveraging your host-based firewall for enforcement.
Zero Networks is proud to work with companies large and small around the world, helping them protect their networks from breaches and ransomware.