Phishing: A top cyber attack vector for enterprises
by Raymund Taylan, Senior Security Advisor
15 July 2021
As technical advancements in detection continue, cyber criminals are putting more time and effort into ensuring their attacks are successful. Today, cyber criminals are leveraging both cloud and email sending services to continually increase their success rates in infiltrating targeted accounts.
Although many advanced and sophisticated technologies are readily available in the cyber security space, many user accounts are still being compromised through email phishing.
Forms of phishing
Credential phishing and business email compromise (BEC) are the main forms of phishing used by cyber criminals to gain access to corporate networks and steal data for financial gain.
Both credential phishing and BEC have one goal – to gain unauthorised access and eventually steal data, earn money, and breach the organisation.
In credential phishing, cyber criminals use known services in an email to lure the target victim. Compromised accounts are then used to perform lateral movement inside the compromised network and launch malware from a victim’s device to exfiltrate data. The attackers profit through extortion using stolen, encrypted data or by selling the victim’s data on the dark web.
Business email compromise (BEC)
To engage more with target victims, BEC attackers pose as someone in the business, such as the CEO, the CFO, or other members of staff or vendors who normally demand urgent action from the target victim. This phishing technique exposes an organisation by requesting fraudulent payment transactions from another spoofed vendor once the unfortunate target victim has acted on an email’s bait.
How did this phishing email reach the user’s mailbox?
Not all organisations have (a) the right set of tools deployed to maintain high visibility and control and block the phishing emails coming into users’ mailboxes and (b) a team of IT security professionals who can detect and respond to a phishing attack.
Call to action: Lean team approach
Considering the scarcity of experienced IT security professionals and the ever-evolving tactics and techniques of cyber criminals to gain unauthorised access, it’s best for organisations to consider and utilise seasoned IT security experts from a third-party organisation, i.e. a Managed Security Service Provider (MSSP) that provides SOC as a Service, SIEM as a Service, server patching, etc. Offloading a portion of security functions to a third-party company is one of the best ways to mitigate and manage the increasing sources of information risk.