Cybercriminals are evolving their attack techniques in order to exploit the latest working practices and cyber security approaches. As organisations we need to stay up-to-date with the latest phishing trends in order to ensure we take the appropriate measures to protect ourselves in this developing cyber threat landscape.
Looking back on the early days of phishing emails, they can seem almost impossibly quaint. We lived in a far less cyber security-aware world a decade ago, and cybercriminals were able to catch victims out with phishing emails telling tall tales of long-lost relatives and wealthy princes. Fast-forward to 2020 and people are far more sophisticated in both their understanding of the cyber threats they face and their ability to spot malicious emails. Unfortunately, cybercriminals are far more sophisticated in 2020, too.
Since the UK Government enforced a nationwide lockdown to tackle the spread of coronavirus, cybercriminals have become increasingly busy targeting remote working users with phishing attacks. Until recently, phishing trends tended to focus on directing users to fake remote login pages that enabled cybercriminals to harvest credentials. However, the ever-increasing adoption of multi-factor authentication and mail filtering as fundamental cyber security best practice has made this method steadily less profitable. So the cybercriminals have done what they do and pivoted – to targeting third-party cyber security software that doesn’t have multi-factor authentication enforced. In this blog post we’ll take a look at these latest phishing trends and how your organisation needs to adapt to keep the cybercriminals at bay.
Phishing Trends: Targeting Mail Filtering Software
Introducing mail filtering significantly reduces the chance of phishing emails reaching users’ mailboxes. However, no mail filtering software is perfect – phishing emails will occasionally slip through the net. At this point you are reliant on your users being diligent enough to spot the phishing email and delete it, rather than click on any links or download any attachments it contains.
Those phishing emails that do slip through the net are increasingly targeting third party services that use shared logins, such as mail filtering software. Certain mail filtering software packages maintain a separate login page through which you can also access and view your mail. These third-party services offer cybercriminals the opportunity to harvest domain credentials without being thwarted by multi-factor authentication. It’s an opportunity that’s becoming far too tempting for cybercriminals to turn down. Here’s how they launch the attacks:
- Cybercriminals will send a phishing email telling the victim they need to change their mail filtering password. The phishing email will contain a link to a portal that looks like a legitimate mail filtering portal.
- The victim enters their mail filtering credentials, which are harvested, after which the user is directed to the legitimate mail filtering website.
- The cybercriminals log in to the mail filtering website with the harvested credentials and send phishing emails to the victim’s contacts.
- By targeting the victim’s mail filtering software, they have been able to harvest login credentials, access confidential data in the victim’s mailbox, and send further phishing emails from a legitimate email address – all whilst bypassing multi-factor authentication.
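One way a defender can watch for the chain described above, as an added example that is not from the original post: a small Python detector run over a constructed log from a hypothetical mail-filtering portal, flagging a portal login from an address the user has never used before that is followed within a short window by mail to many distinct recipients. The log format, the baseline of known addresses and the thresholds are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not from the original post): events from a hypothetical
# mail-filtering portal that exposes both a login page and a "send mail" feature.
SAMPLE_LOG = """\
2020-05-04T08:02:10 portal_login user=alice ip=81.100.20.5
2020-05-04T08:10:44 mail_sent user=alice to=bob@partner.example
2020-05-04T13:15:02 portal_login user=alice ip=203.0.113.77
2020-05-04T13:16:30 mail_sent user=alice to=c1@client.example
2020-05-04T13:16:31 mail_sent user=alice to=c2@client.example
2020-05-04T13:16:32 mail_sent user=alice to=c3@client.example
2020-05-04T13:16:33 mail_sent user=alice to=c4@client.example
2020-05-04T13:16:34 mail_sent user=alice to=c5@client.example
2020-05-04T13:16:35 mail_sent user=alice to=c5@client.example
2020-05-04T09:00:00 portal_login user=bob ip=198.51.100.9
2020-05-04T09:01:00 mail_sent user=bob to=x@example.org
"""

# Constructed baseline: source addresses each user has previously logged in from.
KNOWN_IPS = {"alice": {"81.100.20.5"}, "bob": {"198.51.100.9"}}

LINE_RE = re.compile(r"^(\S+) (portal_login|mail_sent) user=(\S+) (?:ip|to)=(\S+)$")

def parse(log_text):
    """Turn the raw log into (timestamp, event, user, value) tuples, sorted by time."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, event, user, value = m.groups()
            rows.append((datetime.fromisoformat(ts), event, user, value))
    return sorted(rows)

def detect_portal_abuse(log_text, known_ips, window_minutes=30, min_recipients=5):
    """Flag an unfamiliar-IP portal login followed by mail to many distinct recipients."""
    rows = parse(log_text)
    alerts = []
    for ts, event, user, ip in rows:
        if event != "portal_login" or ip in known_ips.get(user, set()):
            continue  # only logins from addresses outside the user's baseline
        deadline = ts + timedelta(minutes=window_minutes)
        recipients = {v for t, e, u, v in rows
                      if e == "mail_sent" and u == user and ts <= t <= deadline}
        if len(recipients) >= min_recipients:
            alerts.append({"user": user, "ip": ip, "login_at": ts.isoformat(),
                           "recipients": len(recipients)})
    return alerts
```

Running `detect_portal_abuse(SAMPLE_LOG, KNOWN_IPS)` on the constructed log flags only alice’s afternoon login from the unfamiliar address; her morning login from a known address and bob’s activity are left alone.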
These latest phishing trends are proving highly profitable for cybercriminals, and so it’s safe to assume they will continue to use these methods as long as they remain successful. So how should your organisation adapt?
Adapting to Keep Cybercriminals at Bay
If you’ve been playing along at home you can probably guess the first piece of advice: implementing multi-factor authentication for your mail filtering software. In 2020 there really is no good reason for not using multi-factor authentication to control access across your entire infrastructure.
Cybercriminals can and will exploit any vector they can to launch cyber-attacks across your organisation; multi-factor authentication makes their jobs much, much harder.
But the latest phishing trends also warrant a broader assessment of your organisation’s cyber security posture. Here are three ways you can more effectively protect your organisation from phishing and other cyber-attacks:
- Consider replacing penetration tests with scenario-based testing. Your testing schedule needs to match the dynamic cyber threat landscape we all exist in. Frankly, the traditional annual penetration test is starting to look a little stale. Utilise regular scenario-based testing to ensure your cyber security posture stands up to the actual ways in which cybercriminals will target you.
- Carry out red team versus blue team testing. Red team testing mimics real-world attacks: a benevolent red team uses hacking techniques including social engineering, malware writing and phishing emails to try to access data, whilst a blue team defends the organisation. As they do so, the blue team is trained in how to protect the organisation and in exposing potential weaknesses.
- Continually train your users. Your users are your last line of cyber security defence. Carry out continual cyber security training to ensure that if – and when – phishing emails land in their inboxes, they know exactly how to identify them and what to do with them.
Protect Your Organisation
As we transition into the ‘new normal’ way of working together, we should all be proactive in our approach to handling the cyber threats we face. By understanding developing phishing trends and other cyber-attack methods, we can implement measures to protect our organisations from financial, operational and reputational damage.
Six Degrees delivers managed cyber security and consultancy services that will enable your organisation to enhance its cyber security posture and protect itself from cyber-attack.
The Six Degrees Cyber Clinic delivers free cyber security advice and best practice guidance to help your organisation remain secure during this period of uncertainty. If you would like to contact the Cyber Clinic with your questions or concerns, please get in touch.
We are publishing regular Cyber Intelligence Reports that provide details of known cyber threats related to coronavirus that have arisen, along with recommended remediation steps. You can download the latest report here.