Despite businesses investing in next-gen technologies, phishing threats continue to become more sophisticated and effective, according to a new report.
The study from intelligent phishing defense company Cofense shows how threat actors, armed with an ever-growing arsenal of tactics and techniques, continue to tweak their campaigns and enhance their capacity to deliver malware, ultimately getting more messages past perimeter controls to user inboxes.
Among the findings: between October 2018 and March 2019, 31,429 total threats were reported by end users after delivery to the inbox. These included 23,195 via credential phishing and 2,681 via business email compromise (BEC).
Worryingly, 90 percent of the malicious emails verified by the Cofense Phishing Defense Center during this period were found in environments running one or more secure email gateways (SEGs). SEGs play a key role in phishing defense, but they are not infallible. The report identifies SharePoint, OneDrive and ShareFile as some of the most abused cloud providers and says that threat actors use geo-location to help prevent analysis by security tools or human researchers, enabling malware to slip through an SEG's defenses.
Techniques continue to evolve. Cofense is seeing activity such as the use of public, open source tools to evade detection and the use of genuine Office 365 accounts to harvest credentials, to increase the odds of reaching the inbox and delivering malware. The report outlines that sextortion and bomb scare extortion also pay off significantly when utilized by threat actors.
"Adversaries are constantly evolving their techniques and changing their infrastructure to complicate detection, meaning that indicators of compromise (IOCs) can grow stale extremely quickly. For holistic defense, users need to be prepared to identify and report any threats that do reach their inbox," says Aaron Higbee, co-founder and CTO of Cofense. "Automated technical defense controls must be blended with a human element in today’s threat landscape. While timely threat intelligence helps head off attacks and drown out the noise so that SOC teams can prioritize and focus on the most pernicious threats, Cofense is observing an ever-increasing surge of malicious emails that reach user inboxes daily. Once a message reaches an inbox, that end user is your last line of defense."