Multi-channel phishing is fast becoming the preferred way for cybercriminals to deliver successful attacks because they know there are gaps in cyber defenses. While organizations focus on protecting email from phishing and malware, there are gaps in protection defenses for other channels. Leaving other communication channels with limited protection is a giant welcome sign to cybercriminals to target your high-value users, and they have done so with increased success. As the world braces for the threat of increased cyberattacks from the recent events in Ukraine and Russia, one of the areas of concern for cybersecurity leaders is multi-channel phishing. Here are the top three reasons multi-channel phishing should be on every cybersecurity leader’s list to address in 2022.
- With 71% of companies using cloud or hybrid cloud collaboration tools, it’s fertile ground for credential stealing. If users are reusing the same password on multiple work accounts like Zoom, Microsoft 365, and LinkedIn, it is easy to gain credentials to one and then use it to gain access to other platforms that share the same credentials. Gartner recommends a recent report, What Does the Russia-Ukraine War Mean for Cybersecurity Leaders? They recommend cybersecurity leaders should “Communicate about the risk of multi-channel phishing (i.e., email, voicemail, IM, Teams/Slack, SMS, etc.) and social engineering related to the ongoing events.”
- The modern workforce is hybrid, and remote work is here to stay, requiring cybersecurity leaders to focus on multi-channel phishing protection. Cybercriminals are capitalizing on digital channels that aid the productivity of remote workers like SMS/Text, Slack, LinkedIn, Zoom, Microsoft Teams, Google Meet, and WhatsApp. These channels are less protected and provide an easy way to trick users, steal credentials, and ultimately exfiltrate data from an organization. A growing trend for cybercriminals is to use WhatsApp and SMS to send malicious URLs that appear identical to an MS Teams meeting invite, which they use to harvest Microsoft 365 credentials. This benign invite contains a malicious URL that takes the user to a landing page asking them to enter their Microsoft 365 credentials, and just like that, a user has given up their login credentials.
- Phishing attacks from legitimate services like AWS, Azure, outlook.com, sharepoint.com, and more are the most dangerous because, in most cases, they will bypass most phishing detection tools. SlashNext Threat Labs saw 3M legitimate infrastructure attacks with a 57% increase from Q4 21 to the first months of 2022. The risk increases outside of email, where users are less protected. The LinkedIn breach keeps on giving, and cybercriminals continue to use this information to automate targeted attacks to trick users into sharing sensitive information, as seen in a recent spear-phishing attack. This attack might be stopped if the URL was malicious, but what makes it most dangerous is it’s hosted on legitimate cloud infrastructure, in this case, Weebly, and will bypass most phishing detection tools.
Multi-Channel phishing is a growing concern for cybersecurity leaders because they know phishing attacks are getting through gaps in their current defenses. In addition, some users are accessing corporate tools outside of all security defenses. The only way to know if you have a multi-channel phishing problem is to assess the phishing attack surface in your organization. Here are a few questions to get started: Where are your employees protected from phishing? Are they protected when accessing URLs on their browser or their mobile device? Are your users protected from zero-hour threats in real-time? Answering no to these questions can indicate your users and the organization is at risk.
Visit slashnext.com for a more in-depth look at multi-channel phishing and more information on how to protect your organization from these threats.