Think Like an Attacker: Effectively Addressing Targeted Phishing and Fraud


Phishing and fraud campaigns are on the rise due to the rapid shift to remote work across the enterprise.

According to recent research by ZeroFOX, between January and April 2020, digital threat activity increased by nine percent, and fraud and scam incidents online increased by 60 percent.

With every holiday, national event and even global crisis, cyber-criminals pounce at the chance to target new victims with scams and phishing attacks. We’ve seen bad actors looking to leverage COVID-19 to personally profit, and unfortunately this is something we see all too often.

When disaster hits, attackers will take advantage of people’s generosity and willingness to help to make some fast cash for themselves. Phishing sites disguised as COVID-19 relief fundraisers have sadly become the norm during this time.

Tactics such as phishing and domain-based attacks have always been prevalent, but with the current agitated state of the world and the increase in at-home online users, attackers have been leaning on these tactics more than ever before. Phishing attacks in particular have increased 125 percent, as work-from-home mandates have expanded the audience of individuals that cyber-attackers are able to reach.

As the pandemic continues and organizations do their best to adjust to this new normal, it is crucial for enterprises and IT teams to understand how to effectively address targeted phishing and fraud campaigns. Below are five steps for security teams to mitigate digital risks.

Step 1: Educate

As phishing attacks, scams and other fraud campaigns increase and expand across more platforms, it’s important for IT and security teams to periodically update user training to reflect the reality of the evolving threat landscape. As attackers look to capitalize on human weakness or error, organizations must coach employees to see the warning signs of phishing and fraud across these platforms.

Training employees on best practices for safe use of digital platforms will not only protect them against potential attacks but will ultimately protect the reputation of the entire organization. One wrong click on a phishing link can wreak havoc on a company’s credibility and bottom line.

Step 2: Get Ahead & Identify Gaps

As cyber-attacks persist in this new normal, security teams must ensure that they have the right tools in place to address those threats. The old approach of focusing solely on email for phishing attacks will no longer suffice. Security and IT teams need visibility into every platform on which threats might occur: social networks, websites, collaboration tools, email and more.

Enterprises must take stock of their tools and technology to ensure that they have the visibility and adequate coverage across the threat landscape. Don’t wait to identify gaps in your security plan until after an attack occurs.

Step 3: Understand What Makes You a Target

IT and security teams must identify the unique vulnerabilities that cause an attacker to specifically target their organization and prioritize their security strategy to help mitigate them. This should be an ongoing process as exposure can come in many different forms.

When targeted, organizations should move quickly to counter the attack by dismantling the attacker's infrastructure, driving attackers toward softer targets. Enterprises must map out their digital footprint to drill into why they're being targeted and to see where their exposures lie. Doing this routinely is important, as an organization's digital presence is constantly evolving, as are the threats.

Step 4: Think Like an Attacker

Security teams aim to stay ahead of all potential cyber threats, but in order to do this, they must think like an attacker. By understanding attacker methods, organizations can better develop a strategy to proactively respond as early as possible and at each step of the kill chain.

In order to have this mindset, security teams must have access to, and visibility into, the platforms that attackers rely on to plan and conduct attacks. This can include dark web chat rooms, forums and marketplaces where attackers sell hacking services, purchase phishing kits and even seek advice. Keeping an eye on these forums can provide an early glimpse into the plans and targets of future attacks and campaigns, ultimately helping organizations diminish threats before they arise.

Step 5: Develop a Strategy

This is the most important step, as it is not enough to just identify and respond to attacks. Organizations must also have a comprehensive mitigation strategy in place to reduce risk and disrupt threats before they cause harm.

Mitigation strategies should be focused on deconstructing the attacker’s infrastructure to more effectively disrupt their entire campaign. This strategy should be detailed and include information around the types of attacks, the targets, the platform and the risk ratings.

Every organization's ultimate goal is to protect its employees and its sensitive information, which in turn protects its reputation. With the global crisis we're currently facing, many companies are at higher risk of being targeted, and both the span of the attack surface and the frequency of attacks have increased. Further, the reliance on social, mobile and digital channels to conduct business has created the perfect opportunity for threat actors to directly reach your customers, and security teams must take the necessary precautionary measures to prevent and disrupt those attacks.

With threat activity continuing to rise, it’s crucial that organizations stay vigilant in identifying and remediating threats posed to them.
