Page 69 - Cyber Defense eMagazine September 2023
• User agent blocking (again to identify and block connections from known security crawlers)
• Use of compromised or legitimate sites for hosting
We often see these attacks spike around key dates, with attackers weaponizing the news cycle. For
example, ahead of US Tax Day this year, our threat analysts saw a 164% increase in tax-related phishing
emails since February 2023 and a 32% increase versus 2022 levels. Typically, in these attacks,
cybercriminals attempt to convince victims that they have a tax refund available or have underpaid their
taxes, when in reality, the email contains a malicious link or attachment.
Delivery: The trojan horse
Once a target has been found and an email has been weaponized, the next function of the toolkit is to
help an attacker evade both email security and the scrutiny of the human recipient once it’s delivered.
Using a compromised email account to send phishing emails makes it less likely they’ll be detected by
email security solutions. This is called business email compromise, or 'BEC', and it presents a growing
problem for organizations of all sizes. BEC causes 37% of cybercrime losses that are reported to the FBI,
and over $43bn has been lost due to BEC attacks. But when a bad actor doesn’t have access to a
compromised account, they can rely on various tools to get their attack into the organization. These
include legitimate email sending tools, such as those used for marketing and communication purposes,
burner email addresses, and free webmail accounts. Additionally, impersonation attacks can leverage the
organization’s own tools (Microsoft Azure AD and Outlook) to add authenticity to an attack.
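The delivery routes described above leave different traces in message headers. The following is an added example, not code from the article: a defender-side check that flags those traces. The domain names, staff names, webmail list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions, not from the article: the protected domain, the
# staff display names, and a stand-in free-webmail domain list.
ORG_DOMAIN = "corp.example"
STAFF_NAMES = {"dana reyes", "sam okafor"}
FREE_WEBMAIL = {"freemail.example"}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def delivery_signals(raw):
    """Return the delivery-stage warning signs found in one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    external = from_dom != ORG_DOMAIN
    signals = []
    # A staff member's display name on an address outside the organization.
    if external and name.strip().lower() in STAFF_NAMES:
        signals.append("display-name-impersonation")
    if from_dom in FREE_WEBMAIL:
        signals.append("free-webmail-sender")
    # Replies steered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        signals.append("reply-to-mismatch")
    # Bulk-sending tools normally add List-Unsubscribe (RFC 2369); treating
    # it as a signal on mail that claims to be from a person is a heuristic.
    if external and msg.get("List-Unsubscribe"):
        signals.append("sent-via-bulk-mail-tool")
    return signals

# Constructed sample messages (headers only, then a one-line body).
SAMPLES = {
    "webmail": 'From: "Dana Reyes" <d.reyes@freemail.example>\n'
               "Reply-To: pay@billing.example\nSubject: Urgent\n\nbody\n",
    "mailer": 'From: "Sam Okafor" <sam@news.example>\n'
              "List-Unsubscribe: <mailto:u@news.example>\n\nbody\n",
    # Sent from a real internal mailbox: no header-level signal exists.
    "compromised": 'From: "Sam Okafor" <sam.okafor@corp.example>\n'
                   "Subject: Invoice\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, delivery_signals(raw))
```

The message sent from the compromised internal account returns no signals, which is why header checks alone do not catch BEC and content analysis is needed.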
Preventing the preventable
With the inner workings of the hacker’s toolkit exposed, the focus turns to cyber security best practice.
By implementing regular security awareness and training (SA&T), organizations go some way toward
empowering their employees to identify and deal with phishing attempts before an attacker manages to steal
valuable data. Additionally, organizations should augment their defenses with an integrated cloud email
security solution (ICES). ICES solutions protect organizations from advanced email attacks by analyzing
email content for signs of BEC.
With phishing attempts a near-constant business threat, engaging users at the point of risk
empowers them not only to understand why an email has been flagged as dangerous but also to identify
compromise from a trusted source.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.