1100% Increase in Evolved Password Stealing Attacks - Are You Protected?
Updated: Oct 25
Password/Credential stealing (Phishing) is an ever-present and effective threat to businesses. It offers opportunistic hackers a relatively effortless way to compromise systems and bypass many defences which companies rely upon for protection of their sensitive data.
Typically, these attacks coerce staff into visiting a website which presents a fake login page, often a replica of a legitimate login page for services such as Microsoft 365. When the staff member submits their credentials, often under the pretence of accessing an important document, their username and password are provided to the hacker, who can then log in to company systems at will. From there, they have a foothold within your system and can further compromise the business, its partners and its contacts, spreading much like a virus.
One method of defence against such attacks is to use email and/or web filtering technologies to audit links and websites. These commonly gauge the reputation of a website and where it is hosted to aid in determining whether it should be blocked as dangerous.
The latest research from Palo Alto Networks shows that there has been an astronomical increase of 1100% over the last year in threat actors using trusted and legitimate website platforms to build and host their password stealing websites. This not only aids in the ease of deployment (and thus prevalence) of such dangerous websites but it crucially also helps their attacks to evade some filtering systems designed to protect businesses. This is because filters will see the website is hosted on a trusted and reputable platform and could potentially determine the website is safe to visit as a result. It is also unrealistic for IT teams to block these platforms - doing so would prevent access to so many legitimate websites.
The findings from this research prove that single layers of defence are not adequate when it comes to securing your business from these attacks – or indeed any cyber threat. Your IT support provider should recommend and be able to deploy multiple layers of defence to counter these types of attacks as they continue to evolve and evade your defences.
There are numerous technologies which can further secure your business against these attacks. Multi-Factor Authentication is an important starting point, but some examples of other defences are below:
Conditional Access Policies – to intelligently restrict the conditions under which a user account will be authenticated, even if the correct username, password and even multi-factor authentication are provided. This helps to ensure that only your staff, and not threat actors, are able to log in.
Link & Website “Detonation” – to go beyond simple security filters. These technologies can automatically submit new links and websites to special servers which will open them and actively browse their contents as a human would to determine their safety before delivery to staff.
Staff Awareness – as ultimately these attacks depend on human coercion to succeed. Awareness programs and training can be provided to staff to help them identify and be alert to these types of threats.
Unusual Activity Detection – to detect and alert your IT provider to any unusual sign-in activity. For example, a user who signed in moments ago in Sheffield has now signed in again in Paris. This is unfeasible and should be raised for investigation; technologies exist which can do this.
Strict Closure of Loopholes – to remove the potential for attackers to bypass security technologies like those mentioned above. Doing so can be incredibly complex and requires in-depth knowledge of your IT platforms (like Microsoft 365), dedicated cyber security competences, strict adherence to configuration and administration best practices and more. From our experience providing ethical hacking services for businesses, this is where many fail. All the defence technology in the world can be undone by poor configuration performed by professionals without the previously mentioned knowledge and a security focus.
The above list is far from exhaustive, but it provides some excellent options which your business could be considering for protection. If you are working with the right IT provider, they will already be thinking of them for you. If they are not, you can get in touch with Firaya, and we would be happy to help you in your journey to fortified IT.