As we near the end of the year, it’s always nice to look back and reflect on trends we saw. Phishing threats are continually evolving, and our blog topics reflect that. Here are some hot topics that we saw this year.
- The threat detection deficit needs your attention – The goal for organizations needs to be shrinking the time between infection and detection. We’ve seen reports that show the time between intrusion and detection fell from 26 days in 2017 to 14 days in 2018. Time to discovery was much higher in the second report at 101 days in 2017 and falling to 78 days in 2018. Regardless of the disparity between these two estimates, the good news is that these times are shrinking and some of the improvement (25%) is attributed to automated detection. The bad news is that the time from system compromise to the time when the target, or asset, is breached is just minutes. Operating undetected for 14 to 78 days – or in the case of O365/ATP up to 250 days – after compromising a system gives cybercriminals an enormous amount of time to do serious damage. The key is automation!
- Two-factor authentication (2FA) is not sufficient protection on its own – While this two-step approach is certainly something any cybersecurity expert would advocate, all it really does is force determined cybercriminals to build a two-step phishing attack to bypass it: one site to capture usernames and passwords, and a second phishing page to capture the additional 2FA code.
In fact, we blogged this year about 2FA on several occasions:
- 4 Phishing Attack Techniques that Bypass or Defeat 2FA
- Two-Factor Authentication (2FA) is Just One Part of a Layered Phishing Defense
- Demo of New Automated Phishing Attack that Hacks Two-Factor Authentication
- FBI Alerts that 2FA is Bypassed by Phishing Attacks
- Browser extensions continue to be a phishing attack vector – As we mentioned in our blog Exploiting Browser Extensions Compromise Corporate Networks back in March, browser extensions act like apps, but unlike web applications they aren’t bound by the Same Origin Policy (SOP). The SOP prevents a web application from accessing data belonging to another web application unless a mechanism such as Cross-Origin Resource Sharing (CORS) is implemented on both sides. Browser extensions are not bound by this restriction, so they can read and write data across origins. They can access user information such as bookmarks, browsing history, and – you guessed it – cookies (and with them, user credentials).
Another problem is that, whether it arrives through a silent install or an explicit install of a seemingly legitimate but rogue browser extension, many of these extensions consist of nothing more than simple HTML5 and JavaScript. They are file-less and execute almost entirely in browser memory, which evades anti-virus and other endpoint protection technologies.
- Threat actors continue to target the C-level suite – This year’s Verizon Data Breach Investigations Report showed that social engineering threats targeting the C-suite were up 12-fold over 2018 levels. Frequently these social engineering phishing attacks came in the form of emails that appeared to be sent from one C-level executive to another – often a CFO with access to financial assets. Because C-level executives have broader access to sensitive company data and finances, and because they are rarely challenged over their actions in the near term, they are a growing target.
- The healthcare industry is a soft target for phishing attacks – Cybersecurity in healthcare organizations is underfunded, primarily because the sophistication of cyberattacks increases faster than prevention capabilities, there are too many competing priorities, and the cost of countermeasures is too high. This lack of focus on security is concerning.
The 2019 data breach numbers drive home both this lack of focus on phishing security and the obvious need for it. What healthcare industry organizations need for protection is a zero-hour, real-time phishing threat prevention solution that enables them to block employee web traffic to phishing sites, stopping the attack near the start of the kill chain, before malware downloads and credentials are stolen.
Start a free 15-day trial of Real-Time Phishing Threat Intelligence or contact us for a demo to see how you can use SlashNext’s patented SEER™ threat detection technology to defend against the latest phishing trends.