Phishing continues to be the most prevalent and most effective form of cyber attack against businesses in the UK. According to the latest Cyber Security Breaches Survey, the UK government's annual study of the cyber resilience of UK organisations, phishing is the most common type of attack, reported by 84% of businesses that experienced a breach or attack.
With organisations like Crawford deploying more sophisticated email defences, threat actors have adapted their techniques to slip past those controls. The mechanics of a phishing attack remain straightforward; what has changed is the effort attackers put into making the email look authentic to the person who receives it.
One of the most recent strategies identified by Crawford Incident Response is phishing that rides on legitimate file-sharing services such as Dropbox, Google Drive, DocuSign, SharePoint and OneDrive.
The process is simple. The threat actor uploads a malicious file to the file-sharing service and shares it with a list of targets. The notification email is then generated and sent by the service itself, not by the attacker. Because it comes from the service's own sending domain, it passes SPF, DKIM and DMARC checks and carries the service's sender reputation, so it gets through controls that would block a message sent directly from attacker infrastructure.
Some attempts add context to the file name (for example the target organisation's name or a plausible invoice or project reference) so that the share looks legitimate to its specific recipient. Tailoring a lure to a particular person or organisation in this way is spear-phishing.
In most cases an individual within the organisation receives a genuine-looking share invitation from the file-sharing provider. Opening it shows a fake document that contains a further link to "access" the file.
In most instances the shared file is a single large hyperlink, so a click anywhere in the document opens a browser on a fake Microsoft sign-in prompt that requests your credentials. Where that page is backed by a real-time (adversary-in-the-middle) proxy, the threat actor captures not only the password but also the multi-factor authentication (MFA) code and the resulting session cookie, which gives them an authenticated session and a foothold from which to reach the company's wider systems.
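As an added illustration (not part of the article, and not Crawford's tooling), the Python below shows the triage checks an analyst or a mail-gateway rule could apply to exactly this pattern: the notification is inspected for a trusted service sender paired with an external sharer and a bulk recipient list, and the links extracted from the shared document are checked for the "one large hyperlink" shape and for sign-in lookalike hosts. The service domains, the Microsoft domain allowlist, the assumption that the service places the sharer's address in Reply-To, and the sample notification and link list are all constructed for the example.

```python
"""Triage checks for a file-sharing-service phishing lure.

Added example, not Crawford's tooling.  It works on two things an analyst
or a mail-gateway rule already has to hand: the headers of the share
notification, and the hyperlinks extracted from the shared document
(visible text plus target URL).  All lists and sample data are constructed.
"""
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed: sending domains of the file-sharing services the organisation uses.
SHARE_SERVICES = ("dropbox.com", "dropboxmail.com", "docusign.net",
                  "sharepointonline.com", "google.com", "microsoft.com")
# Assumed: domains under which a genuine Microsoft sign-in page is served.
MICROSOFT_DOMAINS = ("microsoft.com", "microsoftonline.com",
                     "sharepoint.com", "live.com")
# Words a fake sign-in page tends to put in its hostname.
LURE_WORDS = re.compile(r"microsoft|office|o365|sharepoint|onedrive|login|signin|auth", re.I)


def _under(host, domains):
    """True if host equals or is a subdomain of any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)


def _addr_domain(header_value):
    """Domain part of the first e-mail address in a header ('' if none)."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def notification_indicators(raw_email, internal_domain):
    """Findings about the share notification e-mail itself."""
    msg = message_from_string(raw_email)
    findings = []
    from_dom = _addr_domain(msg.get("From"))
    if _under(from_dom, SHARE_SERVICES):
        findings.append(f"sent by file-sharing service {from_dom}: SPF/DKIM/DMARC "
                        "and sender reputation will pass, so judge the sharer instead")
    # Assumed: the service puts the sharer's own address in Reply-To.
    sharer_dom = _addr_domain(msg.get("Reply-To"))
    if sharer_dom and sharer_dom != internal_domain.lower():
        findings.append(f"file shared by external party at {sharer_dom}")
    recipients = (msg.get("To", "") + msg.get("Cc", "")).count("@")
    if recipients > 5:
        findings.append(f"shared with {recipients} recipients at once")
    return findings


def document_link_indicators(links):
    """Findings about the links inside the shared document.

    links: list of (visible_text, target_url) pairs.
    """
    findings = []
    hosts = {urlparse(url).netloc.lower() for _, url in links}
    if len(links) >= 3 and len(hosts) == 1:
        findings.append(f"every link in the document points to {next(iter(hosts))}: "
                        "the file is a single click-through lure")
    for host in sorted(hosts):
        if LURE_WORDS.search(host) and not _under(host, MICROSOFT_DOMAINS):
            findings.append(f"sign-in lookalike host: {host}")
    for text, url in links:
        shown = urlparse(text).netloc.lower() if text.startswith("http") else ""
        target = urlparse(url).netloc.lower()
        if shown and shown != target:
            finding = f"visible link {shown} actually goes to {target}"
            if finding not in findings:
                findings.append(finding)
    return findings


def triage(raw_email, links, internal_domain):
    """All findings for one notification plus its document."""
    return notification_indicators(raw_email, internal_domain) + document_link_indicators(links)


# Constructed sample: a Dropbox notification triggered by an external sharer.
SAMPLE_NOTIFICATION = """\
From: Dropbox <no-reply@dropbox.com>
Reply-To: Alex Rivera <a.rivera@example-supplier.net>
To: finance@example.co.uk, ap@example.co.uk, payroll@example.co.uk, hr@example.co.uk, it@example.co.uk, reception@example.co.uk
Subject: Alex Rivera shared "Q3 Remittance Advice - example.co.uk.pdf" with you

Alex Rivera used Dropbox to share a file with you.
"""

# Constructed sample: every link in the "document" has the same target.
SAMPLE_LINKS = [
    ("OPEN DOCUMENT", "https://office365-login-secure.example.net/auth"),
    ("https://example-co.sharepoint.com/sites/finance",
     "https://office365-login-secure.example.net/auth"),
    ("Q3_Remittance_Advice.pdf", "https://office365-login-secure.example.net/auth"),
]


if __name__ == "__main__":
    for finding in triage(SAMPLE_NOTIFICATION, SAMPLE_LINKS, "example.co.uk"):
        print("-", finding)
```

Run stand-alone it prints six findings for the constructed sample. The first notification finding is deliberately a reminder rather than an alarm: a message that genuinely came from the service will pass every authentication check, so the signal has to come from who shared the file, with whom, and where its links lead.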
Phishing and spear-phishing have been common forms of attack for many years, yet they remain the most effective means of breaching an organisation's digital defences, which shows that security efforts are not keeping pace with the evolving strategies of threat actors.
A robust cyber security strategy must span every phase of the phishing cycle: reducing the likelihood that an attacker can reach your staff at all, which includes treating share notifications from external parties with the same suspicion as any other external email; training employees to recognise and report potential attacks; adopting strong authentication, preferably phishing-resistant MFA such as FIDO2 security keys or passkeys, since one-time codes and push approvals can be phished along with the password; and ensuring that incidents are detected and responded to quickly and effectively.
The ease with which actors can mould their phishing strategies to fit through the smallest gap in a security programme means that phishing will remain a primary means of attack. The onus is therefore on the organisation to make sure that every potential gap is closed.
To learn more about how to bolster your cyber security measures or to find out more about what an effective incident response looks like, speak to William Gow, Director, head of cyber & technology risks in the UK.