Phishing Continues To Present New Threats

The cyber-attack against Anthem Inc., which the insurer says may have started with a spear-phishing campaign targeting five of its employees, is a warning sign of the kinds of sophisticated schemes that may be common in the year ahead.

If the Anthem breach is a result of phishing, it’s emblematic of what many security experts expect to see in the evolution of attacks against companies and their employees.

Risks From Social Media

A growing number of cyber-attacks, including the breach of JPMorgan Chase, have originated with spear-phishing campaigns that target a small number of employees who have access to data systems and services housing sensitive customer information.

This highlights how cyber-criminals’ use of phishing is evolving. There has been a significant decrease, generally around 25 percent, in phishing attacks against broad-based consumers. The current and future risk lies in an increase in attacks against a small number of employees who have access to sensitive data. Cybercriminals use targeted phishing as a jumping-off point to get into the enterprise, break in and then steal data, breach systems, and spread out to vendors that are connected to the enterprise.

The JPMorgan Chase breach is alleged to have started with spear phishing that targeted one employee in the IT department, who was tricked into giving out their password to a vulnerable machine inside the network. The hackers jumped in from there and compromised records. Generally, the most sophisticated attacks are waged against very small numbers of employees, typically five or fewer. By targeting only a handful of employees, the attackers decrease the odds that their scheme will be detected.

Criminals Are Increasingly Using Mobile

As spear-phishing campaigns become more common this year as a way to open the door to major cyber-attacks, attackers have started targeting employees through their mobile devices, which have less sophisticated detection systems. As an example, they may send text messages that ask employees to update a virtual private network (VPN) profile.

Detection methods are not currently in place for SMS/text messages, so you can’t tell when someone has been phished on their mobile phone. With many of the major breaches that have recently occurred, the forensic evidence increasingly points to the use of mobile devices in the initial attack inside the company.

Stronger, multifactor authentication for employee access to sensitive data, systems and servers needs to be in place to limit the impact of compromised employee credentials. Companies need to focus more attention on preventing phishing attacks from succeeding.

There is no credible reason why anyone inside the company should receive email that claims to come from the company, with a ‘from’ address on the company’s domain, yet was sent from an external server. The use of SPF (Sender Policy Framework) on your email server is paramount. It lets receiving servers authenticate all of your outgoing email as genuinely yours, and it lets your own server authenticate and check all inbound email, particularly messages that claim to come from your own domain.

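As an added illustration of the SPF check described above (example code written for this page, not ITPAC’s or any mail server’s own implementation), the following Python evaluates a constructed SPF record against the IP address that delivered a message and flags inbound mail that claims the company’s own domain but fails the check. The domain, record and addresses are constructed placeholders; a real record is fetched from DNS, and the include/a/mx mechanisms, which need DNS lookups, are not handled here.

```python
import ipaddress

# Constructed SPF policy for a fictional company domain (example.com is a
# reserved documentation name). A real record is fetched from DNS (TXT).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:1::/48 -all",
}

# RFC 7208 qualifiers: the prefix on a matching mechanism decides the result;
# no prefix means "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, client_ip: str) -> str:
    """Evaluate an SPF record against the IP that delivered the message.

    Handles ip4, ip6 and all; mechanisms needing DNS (include, a, mx, exists)
    are skipped. Returns pass/fail/softfail/neutral, or permerror if malformed.
    """
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # ip_network rejects a malformed prefix; "in" is False across
            # address families, so an ip6 term never matches an IPv4 client.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def check_inbound(mail_from: str, client_ip: str, own_domain: str) -> str:
    """Policy for inbound mail: a message claiming our own domain must pass
    our own SPF record; other domains would be checked against theirs."""
    # mail_from is the SMTP envelope sender (MAIL FROM), which SPF checks.
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if domain != own_domain:
        return "not-our-domain"
    result = evaluate_spf(SPF_RECORDS[own_domain], client_ip)
    return {"fail": "reject", "softfail": "quarantine"}.get(result, "accept")
```

A message from a sender inside the published ranges is accepted, while one claiming the company domain from any other address hits the `-all` term and is rejected.
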
Any organization is only as strong as its weakest link. If one employee isn’t careful, or isn’t properly trained, they can bring down your entire network. That’s why auditors and examiners are increasingly and strongly recommending that phishing testing be part of any company’s IT security policy. It’s an excellent way to establish strengths and weaknesses while giving you valuable information that can be used for employee training.

No one thinks they’ll be fooled by a phishing attempt but the results of ITPAC’s phishing tests demonstrate otherwise. Make sure you’re protected and your employees are prepared. Call ITPAC today to get a quote for email phishing testing.