Phishing attacks are currently one of the greatest cyber threats, and new variants appear almost every day. MFA fatigue attacks in particular are on the rise, as the attack on the transport service provider Uber shows.
CyberArk Labs have identified five common phishing attacks in the recent past:
MFA fatigue attacks
Using SMS and voice phishing to impersonate trusted sources, attackers “tire” users with multiple MFA pushes until they gain access to the targeted systems. Attackers are always finding new ways to bypass MFA applications and security controls. Leveraging phishing-resistant MFA factors like FIDO, QR codes, or physical tokens can help thwart these efforts. Another effective defense against MFA fatigue attacks is to change the MFA configuration. For example, push notifications can be replaced by one-time passwords (OTPs). Although OTP usage is less convenient, it can minimize the risk of MFA fatigue. A more user-friendly approach is to require number matching for successful MFA authentication. Users who respond to MFA push notifications in the authenticator app are shown a string of numbers, which they must enter into the app to complete the process.
Social engineering attacks
Security awareness training for employees is an effective method of protecting against social engineering. Training should be conducted routinely to embed security-conscious behavior in the corporate culture and to educate employees on how social engineering and phishing techniques are evolving. But technical protective measures must also be taken. These include, for example, spam filters that prevent suspicious e-mails or unwanted attachments, such as sweepstakes or infected applications, from reaching employees' inboxes.
Identity compromise through credential theft
Credentials are stolen, for example, through man-in-the-middle attacks. Awareness campaigns cannot always prevent a user from becoming a victim of phishing. Consequently, a defense strategy must also include endpoint privilege management that protects client-side credentials and prevents cookie theft that can enable MFA bypassing.
Lateral movement of attackers in the network
Attackers move laterally in order to compromise other systems and servers and to extend access rights, up to domain controllers. One line of defense is enforcing the principle of least privilege across the entire infrastructure, including applications and data. This is where intelligent authorization controls come into play, managing, securing and monitoring access for all identities.
Data exfiltration
In one recent phishing incident, attackers attempted to re-enter the network after stealing data but were subsequently discovered. They targeted employees who may have only changed individual characters in their passwords after the mandatory reset of their login data. The attackers were not successful in this case, but it shows how important secure password procedures are. Ideally, a solution is used that automatically generates unique and secure passwords and rotates them regularly.
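The near-duplicate resets described above can be rejected at password-change time. This is an added example, not code from CyberArk or the article: it assumes the user submits the current and the new password together so both are compared in memory only, and the threshold `MIN_EDITS` and all function names are illustrative choices.

```python
import unicodedata

MIN_EDITS = 4  # assumed policy threshold, not a value from the article


def _normalize(pw: str) -> str:
    # Fold case and Unicode forms so a pure case change counts as no change.
    return unicodedata.normalize("NFKC", pw).casefold()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def reset_is_acceptable(old_pw: str, new_pw: str, min_edits: int = MIN_EDITS) -> bool:
    """Return False when the new password is a near-copy of the old one."""
    old_n, new_n = _normalize(old_pw), _normalize(new_pw)
    # Compare against the old password and its reversal.
    for candidate in (old_n, old_n[::-1]):
        if edit_distance(candidate, new_n) < min_edits:
            return False
    # Old password kept whole and merely padded with a prefix or suffix.
    return old_n not in new_n


if __name__ == "__main__":
    # Constructed sample passwords for illustration only.
    for new in ("Autumn2023!", "autumn2022!", "Autumn2022!xyzw9",
                "correct-horse-battery-staple"):
        print(new, reset_is_acceptable("Autumn2022!", new))
```

A check like this complements, and does not replace, the generated and regularly rotated passwords the text recommends.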
“Phishing has reached a new level of innovation. Recent events show how far attackers will go to fool their unsuspecting victims. Employees who think they can act safely thanks to MFA are also affected,” explains Michael Kleist from CyberArk. “Effective anti-phishing protection must therefore include technical solutions on the one hand and also take into account the human component on the other. After all, it can be assumed that unwanted clicks are ultimately always unavoidable. As a result, threats should always be identified at an early stage before major damage occurs. In addition, security must be structured in several stages so that the attacker can be intercepted in the next line of defense if the worst comes to the worst.”
About CyberArk
CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.