•  User agent blocking (again to identify and block connections from known security crawlers)
               •  Use of compromised or legitimate sites for hosting

            We often see these attacks spike around key dates, with attackers weaponizing the news cycle. For
            example, ahead of US Tax Day this year, our threat analysts saw a 164% increase in tax-related phishing
            emails  since  February  2023  and  a  32%  increase  versus  2022  levels.  Typically,  in  these  attacks,
            cybercriminals attempt to convince victims that they have a tax refund available or have underpaid their
            taxes, when in reality, the email contains a malicious link or attachment.




            Delivery: The trojan horse

            Once a target has been found and an email has been weaponized, the next function of the toolkit is to
            help an attacker evade both email security and the scrutiny of the human recipient once it’s delivered.


            Using a compromised email account to send phishing emails makes it less likely they’ll be detected by
            email security solutions. This is called business email compromise, or 'BEC' and it presents a growing
            problem for organizations of all sizes. BEC causes 37% of cybercrime losses that are reported to the FBI,
            and over $43bn has been lost due to BEC attacks. But, when a bad actor doesn’t have access to a
            compromised account, they can rely on various tools to get their attack into the organization. These
            include legitimate email sending tools, such as those used for marketing and communication purposes,
            burner email addresses, and free webmail accounts. Additionally, impersonation attacks can leverage the
            organization’s own tools (Microsoft Azure AD and Outlook) to add authenticity to an attack.



            Preventing the preventable


            With the inner workings of the hacker’s toolkit exposed, the focus turns to cyber security best practice.
            By implementing regular security awareness and training (SA&T), organizations go some way to help
            empower their employees to identify and deal with phishing attempts before an attacker manages to steal
            valuable data. Additionally, organizations should augment their defenses with an integrated cloud email
            security solution (ICES). ICES solutions protect organizations from advanced email attacks by analyzing
            email content for signs of BEC.


            With  phishing  attempts  being  a  near-constant  business  threat,  users  engage  at  the  point  of  risk,
            empowering them to not only understand why an email has been flagged as dangerous but also identify
            compromise from a trusted source.
















            Cyber Defense eMagazine – September 2023 Edition                                                                                                                                                                                                          69
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.