I’m sure this comes as no surprise, but phishing is alive and well. In fact, it is the most common technique malicious actors use to gain initial access to organizations. What should be surprising is that individuals are still falling for phishing attempts. This could be for a multitude of reasons: a lack of training, an environment that lacks the hardening needed to blunt phishing attempts, or increasingly elaborate phishing attempts by malicious actors.
Lately, phishing attempts have become more successful, which has led to an increase in business email compromise (BEC). According to this Microsoft article, in September of 2021 a phishing campaign using an adversary-in-the-middle (AiTM) technique targeted over 10,000 organizations. In AiTM phishing, attackers deploy a proxy server between the target user and the website the user wishes to visit (that is, the site the attacker is impersonating). The user sees the real login page, relayed through the proxy, and enters their password and MFA response as usual; the proxy forwards both to the real site and captures the session cookie the site issues once authentication completes. This is why the attack succeeds even with MFA enabled: the attacker never has to defeat the second factor, because replaying the stolen session cookie lets them act as the already-authenticated user. One caveat worth knowing: MFA methods bound to the site’s origin, such as FIDO2/WebAuthn security keys, are not captured this way, because the browser will not complete the ceremony for the proxy’s lookalike domain. One-time codes and push approvals offer no such protection.
What can you do to prevent this? There is an answer for that as well. Here are five tips for prevention:
1. Training, training, training! People are always the biggest risk, internal and external users alike. Sharing real examples and experiences raises everyone’s awareness of what to look for.
2. Enable conditional access policies. Limiting access to an ‘as needed’ basis reduces your overall risk; not everyone at work should have the same access. Policies that require a compliant device or a trusted network are re-evaluated when a session cookie is presented, so a cookie replayed from the attacker’s infrastructure can be rejected.
3. Invest in advanced anti-phishing solutions. Plenty of good software- and hardware-based tools help automate the detection and mitigation of phishing attempts.
4. Continuously monitor for suspicious or anomalous activity. Server- and user-based tools that highlight suspicious emails and sign-ins are a good way to keep everyone on the same page.
5. Make it fun and rewarding. Don’t hesitate to consider a ‘bounty reward’ for the team that finds phishing examples and forwards them to IT. Starbucks gift cards go a long way toward policing the problem!
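To make the monitoring tip concrete for the AiTM case described above, here is an added example (not code from the original post or from Vala Secure) that runs a simple detection over sign-in records. The records are constructed, and their field names (`user`, `ip`, `session_id`, `mfa`, `interactive`) are assumptions loosely modelled on identity-provider sign-in logs rather than any vendor’s exact schema. The signal it looks for is the one an AiTM cookie theft tends to leave: a session created by an interactive, MFA-satisfied sign-in is then presented from a different IP address, within a short window, with no fresh MFA.

```python
"""Flag likely session-cookie replay after an AiTM-style phish.

Added example, not from the original post. Log records below are
constructed; field names are assumptions, not a real log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real log data).
# alice: MFA sign-in from her usual IP, then the same session cookie is
#        used 7 minutes later from an unrelated IP with no MFA -> suspicious.
# bob:   normal; the session is reused from the same IP.
# carol: session reused from a new IP, but two days later.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "time": "2021-09-10T08:00:00",
     "ip": "203.0.113.10", "session_id": "sess-A", "mfa": "satisfied", "interactive": True},
    {"user": "alice@example.com", "time": "2021-09-10T08:07:00",
     "ip": "198.51.100.77", "session_id": "sess-A", "mfa": "none", "interactive": False},
    {"user": "bob@example.com", "time": "2021-09-10T09:00:00",
     "ip": "203.0.113.20", "session_id": "sess-B", "mfa": "satisfied", "interactive": True},
    {"user": "bob@example.com", "time": "2021-09-10T09:30:00",
     "ip": "203.0.113.20", "session_id": "sess-B", "mfa": "none", "interactive": False},
    {"user": "carol@example.com", "time": "2021-09-10T10:00:00",
     "ip": "203.0.113.30", "session_id": "sess-C", "mfa": "satisfied", "interactive": True},
    {"user": "carol@example.com", "time": "2021-09-12T10:00:00",
     "ip": "198.51.100.99", "session_id": "sess-C", "mfa": "none", "interactive": False},
]


def parse(record):
    """Return a copy of the record with its ISO-8601 timestamp parsed."""
    return {**record, "time": datetime.fromisoformat(record["time"])}


def find_session_replay(signins, window=timedelta(hours=1)):
    """Return one alert per session whose cookie was presented from a new IP,
    without fresh MFA, within `window` of the MFA sign-in that created it.

    The interactive MFA sign-in is taken as the session's origin; any later
    non-MFA use from a different IP inside the window is treated as replay.
    """
    by_session = defaultdict(list)
    for rec in map(parse, signins):
        by_session[rec["session_id"]].append(rec)

    alerts = []
    for sid, events in by_session.items():
        events.sort(key=lambda e: e["time"])
        origin = next(
            (e for e in events if e["interactive"] and e["mfa"] == "satisfied"), None
        )
        if origin is None:
            continue  # no MFA-backed origin to compare against
        for ev in events:
            if ev is origin:
                continue
            elapsed = ev["time"] - origin["time"]
            if (ev["ip"] != origin["ip"]
                    and ev["mfa"] != "satisfied"
                    and timedelta(0) <= elapsed <= window):
                alerts.append({
                    "user": ev["user"],
                    "session_id": sid,
                    "origin_ip": origin["ip"],
                    "replay_ip": ev["ip"],
                    "minutes_after_mfa": int(elapsed.total_seconds() // 60),
                })
                break  # one alert per session is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(SAMPLE_SIGNINS):
        print(f"possible cookie replay: {alert}")
```

With the default one-hour window only alice’s session is flagged; widening the window to a few days also catches carol’s, at the cost of more noise from legitimate roaming users. Two limits to keep in mind when adapting this: in a real AiTM phish the interactive sign-in itself arrives at the identity provider from the proxy’s IP, so the “origin” IP may already be the attacker’s, and an attacker who replays the cookie from that same host will not trip an IP-change rule. Pair it with checks for unfamiliar locations, impossible travel, and sign-ins that skip MFA where your policy normally requires it.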
At Vala Secure, we are experts in cybersecurity and compliance, so you don’t have to be. We provide the latest in cybersecurity training and a thorough and complete assessment of your O365 environment. For more information on how we can help, reach out here.