This article originally appeared in Infosecurity Magazine on March 6, 2019.
A new report from Microsoft found that phishing attacks increased 250% over the course of 2018. According to Microsoft’s Security Intelligence Report (SIR) volume 24, attackers have shifted tactics and are now targeting multiple points of attacks within one campaign.
“Hacking is a multi-billion-dollar industry. If it was being run by one company rather than a mix of organized crime syndicates, lone wolves and governments, it would be comparable to a major NASDAQ tech business,” said Colin Bastable, CEO of cybersecurity test and training company Lucy Security.
Alas, malicious actors continue to find success using new tactics, like transitioning from URLs, domains and servers to dispersing emails and hosting phishing forms. The most recent SIR noted that by adopting both hosted servers and public cloud tools, attackers were able to more easily disguise themselves so that they appeared to be legitimate services or products.
“These are smart, motivated people with not much to lose and a lot on the upside. They're ahead of most security vendors in the Cyber Security war, because the vendors play defense,” Bastable stated.
The report evidences the challenges that CISOs and many vendor CTOs have when it comes to understanding the wide range of attack methods and techniques available to hackers. “Malicious actors are always on the lookout for new ways to hack devices and machines,” said Usman Rahim, digital threat analyst at The Media Trust.
“Phishing, whether through email, malvertising, or any other channel, takes advantage of the fact that most consumers pay little attention to details and are likely to click on an email link, an ad, and enter sensitive information when prompted,” stated the report.
Threat actors are becoming more innovate, finding new ways to escape detection by checking for known anti-malware solutions, persisting despite a browser reboot, stealing device information like IPs and switching infection tactics when they’ve been discovered, Rahim said.
“The best defense for organizations is to take a layered approach to security that involves employee training and collaboration with digital supply chain partners. The former addresses internal threats; the latter will address the risks that reside within the supply chain, most of which fall under the radar of most organizations.”