Credential phishing campaigns, in which high-profile individuals unwittingly fall victim to malicious actors seeking access to business systems, have proven to be a successful attack vector. According to a new Menlo Security report, Understanding a Growing Threat: Credential Phishing, credential phishing is a quickly growing form of cyber-attack and is increasingly becoming the preferred entry point for most attackers.
Bad actors try to steal user credentials by tricking users into entering their login information on fraudulent sites. By either hijacking an existing login page or creating a highly sophisticated login website that closely resembles an authentic site, attackers easily gain access to the network.
The most common targets are public agencies and political organizations, and the attacks are often sponsored by nation-state groups, advanced persistent threat (APT) cyber-criminals or hacktivists, according to the report.
“Attackers know very well how to manipulate human nature and emotions to steal or infiltrate what they want. They use email messages that induce fear, a sense of urgency, curiosity, reward and validation, an emotionally charged response by their victims or simply something that is entertaining and a distraction to convince, cajole or concern even seasoned users into opening a phishing email,” the report said.
The research found that the most popular phishing lures across Menlo Security’s customer base were associated with OneDrive, LinkedIn and Office 365 logins. Attackers intentionally leverage these work productivity tools because people rely on them to conduct day-to-day business exchanges.
Apparently hackers enjoy long weekends, as Friday was reportedly the least popular day for attackers, with only 0.8% of phishing emails being sent out before the weekend. Campaigns start to pick up on Mondays, with 11.3% of URLs distributed. After easing into the week, email disbursements increased to 39.8% on Tuesday. Interestingly, the attack setup and the percentage of phishing URLs sent on different days of the week remained the same across every industry.
Gaining access to corporate networks is only the beginning of a much larger and more destructive attack, and the report found that credential phishing is so effective that threat actors are able to evade generic threat intelligence solutions.
“The difficulty of detecting credential phishing attacks shows that while the TTPs of a credential phishing attack may be simple, the technology needed to detect and protect enterprises and their users from these attacks – and to provide visibility into such attacks – must be intelligent, impenetrable and advanced,” the report said.