The Evolution of Phishing: A Real Example from WatchGuard

Phishing is a type of social engineering attack in which threat actors attempt to trick users into providing sensitive information via email. Typically this takes the form of a phishing campaign: malicious actors send the same phishing email to a large number of recipients with the aim of deceiving at least a small subset of those potential victims. It should not be confused with spear phishing, a more targeted email attack that uses specific knowledge or details about the recipient(s) to further entice them into handing over sensitive information. Phishing is an ongoing problem that businesses are aware of and constantly strive to eradicate, and for good reason. Year after year, statistics show that IT decision makers rank social engineering attacks among the biggest cyber threats they face, leading to business disruption and financial loss.

The general consensus about phishing attacks is that they are growing in number, have consistent success rates, increase costs for businesses, are commonly used to spread malware such as ransomware, and continue to evolve. For example, the Anti-Phishing Working Group publishes a quarterly report on current phishing trends, and its most recent report shows that phishing attacks doubled last year during the COVID-19 pandemic and that phishing rates have since remained at a stable but high level. The FBI’s Internet Crime Complaint Center (IC3) recorded similar results, showing a doubling of phishing complaints over the past year. As phishing attacks increase, so does the number of breaches, and these breaches cost businesses significant amounts of money. IBM’s annual ‘Cost of a Data Breach’ report, with research conducted by the Ponemon Institute, found that the estimated total cost of a data breach in 2020 was approximately $3.86 million, and that it rose further to $4.24 million in 2021, the highest average cost in 17 years. The loss of sensitive information is not the only threat posed by phishing attacks. Verizon’s Data Breach Investigations Report (DBIR) shows that almost all malware (96%) is delivered via email, including ransomware.

This article, however, was written to highlight the evolution and growing complexity of phishing attacks using real-life examples from WatchGuard employees. Phishing has spread beyond email to other communication media such as SMS and text messaging services (SMiShing), voice calls (vishing) and social media (angler phishing). Just recently, WatchGuard employees encountered two of these: SMiShing and angler phishing. As you might have guessed, SMiShing is phishing, or social engineering, conducted over SMS and text messaging services such as WhatsApp, Signal and Facebook Messenger. Angler phishing occurs when threat actors use social media communications to masquerade as a legitimate customer service representative or other contact in order to obtain information. This can take place over the messaging features of social media services as well as Instagram, Twitter or LinkedIn direct messages, among others.

The first incident experienced by a WatchGuard employee involved LinkedIn. A user named Emily Nora was posing as a WatchGuard employee in a “Link Building” role, which does not exist at the company. This bogus employee attempted to connect with and contact multiple WatchGuard employees, likely simply by working down the list of employees associated with the official WatchGuard LinkedIn page, in order to phish sensitive information. Fortunately, WatchGuard employees immediately quelled this angler phishing attempt. A screenshot of this fake employee attempting to connect with an official WatchGuard employee is available below.

Another interesting phishing attempt took place via WhatsApp. A user posing as WatchGuard CEO Prakash Panjwani attempted to complete an overseas transaction (an acquisition) by enlisting a WatchGuard employee to handle the payment. They used Panjwani’s official profile image and social engineering tactics to try to get the employee to take the requested action (send a payment). Again, this SMiShing / angler phishing attempt was detected and reported through the appropriate channels within the organization.

Protecting against phishing attacks of all types should always begin with proper awareness training. Studies show that phishing attack simulation and gamification help users detect and prevent phishing attacks. This short article, however, highlights the importance of training not only for email phishing, but for phishing through every communication medium your organization uses: primarily training on phishing, vishing, SMiShing and angler phishing. Beyond training, common sense and your “gut instinct” go a long way in detecting and preventing phishing. For example, if your organization has an employee directory, you could search for an employee like Emily Nora and find no such person, or know that the claimed role doesn’t actually exist. Another example is knowing that the CEO of your organization is unlikely to contact you through WhatsApp about an important business decision such as an acquisition. These scenarios will vary from organization to organization, however. The safest route is simply to report any suspicious communication to a security professional within your organization, if possible.

References:

APWG Phishing Activity Trends Report, 2Q 2021 (https://apwg.org/trendsreports/)

FBI IC3 Internet Crime Report 2020 (https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf)

IBM Cost of a Data Breach Report 2021 (https://www.ibm.com/security/data-breach)

Verizon Data Breach Investigations Report (DBIR) (https://www.verizon.com/business/resources/reports/dbir/)
