
Many large-scale cyberattacks sound complex and advanced, but initial access is often obtained through relatively simple phishing campaigns that may have no connection to any advanced threat group. As a result, persistent phishing is considered a serious threat to cybersecurity.
Organizations are advised not to overlook the threat of phishing, especially when more sophisticated attacks make headlines. Instead of focusing solely on specific indicators of compromise or malware, it is important to stay vigilant against the phishing threats that emerge daily, especially as the number of phishing attacks grows. In fact, a Cofense report revealed that 2022 saw a 569% increase in malicious phishing emails.
Cofense’s Phishing Defense Center reported that credential phishing remains the leading threat for their customers. This comes as no surprise, given the rise in active threat reports related to credential phishing. According to Cofense Intelligence, the number of published active threat reports related to credential phishing increased by an alarming 478%.
Despite efforts to prevent such attacks, credential phishing still plays a significant role in the attack chain for ransomware and business email compromise (BEC). When a user falls victim to a credential phishing attack and their password is reset, the threat actor remains persistent in their inbox. They do this by adding auto-forwarding rules for keywords related to financial transactions, such as invoices, purchase orders and quotes. These emails are then used to target downstream organizations with BEC or vendor email compromise threats.
It is essential for organizations to remain vigilant and to take measures to protect against credential phishing attacks, as they can have severe consequences for individuals and businesses. With the rise of BEC threats, it is critical to educate employees and implement security protocols to prevent sensitive information from falling into the wrong hands.
But that’s not all.
The report also found that the use of Web3 technologies in phishing campaigns increased by 341% and the use of Telegram bots as exfiltration destinations increased by 800%. (Alarming numbers as well.)
With Web3, anyone can publish any content, avoiding technical problems like server management as well as legal problems or censorship. Unfortunately, these features make the technologies attractive to threat actors seeking easy, robust hosting for malicious content. Threat actors craft links or carefully select hosts for links to bypass secure email gateways, or SEGs.
As for Telegram bots, they are popular among threat actors because they are low-cost and easy to set up in private or group chats, are compatible with various programming languages, and integrate with malicious mediums like malware or phishing kits. By attaching HTML credential phishing files to emails, threat actors efficiently reach inboxes, exfiltrate credentials to a single point and exploit the trust associated with a widely used service.
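For defenders, the pattern described above (an HTML attachment that sends credentials to a Telegram bot) can be checked for at the mail-processing stage. The following is an added example, not code from Cofense or its report; the function names, sample messages and placeholder bot token are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Telegram Bot API URLs have the form https://api.telegram.org/bot<token>/<method>
BOT_API = re.compile(r"api\.telegram\.org/bot[\w:-]+/(\w+)", re.I)
PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)

def scan_message(msg):
    """Flag HTML attachments that reference the Telegram Bot API."""
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".html", ".htm")))
        if part.get_content_disposition() != "attachment" or not is_html:
            continue
        raw = part.get_payload(decode=True) or b""
        body = raw.decode(part.get_content_charset() or "utf-8", errors="replace")
        methods = sorted({m.lower() for m in BOT_API.findall(body)})
        if methods:
            findings.append({
                "attachment": name,
                "bot_methods": methods,
                # A password field plus a Bot API URL is the stronger signal
                "password_form": bool(PASSWORD_FIELD.search(body)),
            })
    return findings

def build_sample(html, filename):
    """Constructed test message: plain-text body plus one HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg

# Constructed samples; the bot token is a placeholder, not a real one.
SUSPICIOUS_HTML = ('<form><input type="password" name="p"></form>'
                   '<script>var u="https://api.telegram.org/'
                   'bot0000000000:PLACEHOLDER/sendMessage";</script>')
BENIGN_HTML = "<html><body><p>Quarterly newsletter</p></body></html>"

if __name__ == "__main__":
    print(scan_message(build_sample(SUSPICIOUS_HTML, "invoice.html")))
    print(scan_message(build_sample(BENIGN_HTML, "news.html")))
```

This check matches only when the Bot API URL appears in clear text in the attachment; encoded or obfuscated attachments would need to be decoded before scanning.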
“The cybersecurity landscape is always evolving, so it is imperative to stay on top of the latest trends and tactics,” said Tonia Dudley, Vice President and Chief Information Security Officer at Cofense. “As threats increase in frequency, intensity and sophistication, the need for rapid and actionable intelligence has never been greater. Organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture.”
One way to mitigate risk is to turn to providers of phishing detection and response solutions, such as Cofense. Cofense’s Security Awareness Training content, for example, focuses on real phishing emails, identified by Cofense Intelligence, that are bypassing SEGs as part of the program. Available in various formats, the SAT content focuses on phishing, ransomware, BEC, malware, social networking and more to help train users to spot and stop the latest email attacks.
As these threats become more frequent and intense, protecting against phishing attacks is a critical necessity. Businesses need to stay alert and implement strong defense strategies to safeguard their sensitive information and avoid falling victim to these common yet harmful attacks.
Edited by
Alex Passett