Security leaders have a uniquely difficult job; on top of enabling the business on a daily basis, we have to sort through a media and industry-embellished doom narrative to pinpoint actual problems our organizations face and advise on how to protect against them. I spend a lot of time thinking about the true problems we face and want to share what’s top of mind for me.
-Oren J. Falkowitz, Field CSO @orenfalkowitz
Featured blog: The mechanics of a sophisticated phishing scam and how we stopped it
Traditional security solutions have put organizations in a defensive position. As threats have grown in sophistication, the technology must grow with them. More and more, we are seeing security innovation empower security teams to take a proactive position and even drive business value.
In The mechanics of a sophisticated phishing scam and how we stopped it, my colleagues shared an all-out optimistic assault, showing how all the pieces in a Zero Trust architecture should come together to prevent a targeted cyber attack.
Cyber attacks rarely exist in a vacuum. When Twilio shared that they had been compromised by a phishing attack, Cloudflare noticed a campaign with very similar characteristics, and was not alone. 9 in 10 cyber attacks begin with phishing, and across all of the various styles of campaigns, their success hinges on one constant: authenticity. Over the years we’ve observed that there are two distinct forms of authenticity, visual and organizational. Visually authentic attacks use logos, images, and the like to establish trust, while organizationally authentic campaigns use business dynamics and social relationships to drive their success.
Below are my key takeaways from observing and taking action against this style of phishing campaign - one that we believe would breach most organizations:
Multi-channel phishing is on the rise. Typically we confine our thinking about attacks to their primary indicator of compromise (IOC). In phishing, there are link-based (e.g. credential harvesting), file-based (e.g. malware), and non-link, non-file campaigns, such as business email compromise. An important trend we’re tracking closely is the rise of multi-channel phishing campaigns. Attacks that begin in one communications channel, such as SMS in this case study, can be complemented by, or move quickly to, other vectors of attack.
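The taxonomy above (link-based, file-based, neither) and the multi-channel point suggest a simple triage step a defender can run over reported messages: classify each message by its primary indicator, then correlate lure domains across channels so that an SMS and an email pushing the same domain surface as one campaign rather than two unrelated reports. The code below is an added example, not Cloudflare's tooling or anything from the original post; the sample messages, the `sso-example-corp.test` lure domain and the `Message` structure are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Matches http(s) URLs in free text; constructed for this example.
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


@dataclass
class Message:
    """A user-reported message from any channel (constructed schema)."""
    channel: str                      # "sms", "email", "chat", ...
    sender: str
    body: str
    attachments: tuple = field(default_factory=tuple)


def classify(msg: Message) -> str:
    """Primary indicator, following the three categories in the text."""
    if msg.attachments:
        return "file-based"
    if URL_RE.search(msg.body):
        return "link-based"
    return "non-link/non-file"


def lure_domains(msg: Message) -> set:
    """Hostnames of every URL in the body, lower-cased for matching."""
    domains = set()
    for url in URL_RE.findall(msg.body):
        host = urlparse(url).hostname
        if host:
            domains.add(host.lower())
    return domains


def triage(messages) -> list:
    """(channel, category) for each reported message, in report order."""
    return [(m.channel, classify(m)) for m in messages]


def multichannel_campaigns(messages) -> dict:
    """Lure domains seen in more than one channel -> sorted list of channels.

    A domain that shows up in both SMS and email is the signal the text
    describes: one campaign moving across vectors, not two incidents.
    """
    channels_by_domain = defaultdict(set)
    for m in messages:
        for d in lure_domains(m):
            channels_by_domain[d].add(m.channel)
    return {d: sorted(ch) for d, ch in channels_by_domain.items() if len(ch) > 1}


# Constructed sample reports; no real senders, domains or content.
REPORTS = [
    Message("sms", "+15550000000",
            "IT: your VPN session expired, sign in at https://sso-example-corp.test/reset"),
    Message("email", "it-helpdesk@example.test",
            "Reminder: reset your password at https://sso-example-corp.test/reset?u=alice"),
    Message("email", "vendor@example.test",
            "Please review the attached invoice.", attachments=("invoice.pdf.exe",)),
    Message("email", "ceo@example.test",
            "Are you at your desk? I need a wire sent before 5pm, reply here."),
]

if __name__ == "__main__":
    for channel, category in triage(REPORTS):
        print(f"{channel:6} {category}")
    print("multi-channel:", multichannel_campaigns(REPORTS))
```

Running it prints one category per report and a single multi-channel entry for the shared lure domain; the BEC-style message is correctly left in the non-link/non-file bucket, which is exactly why it needs a human-reporting path rather than an IOC match.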
This Zero Trust thing really works. Zero Trust represents a shift from the old way of doing things, where security focused on the perimeter, to a more dynamic and granular approach that emphasizes continuous authentication, authorization, and monitoring. Prior to Zero Trust, we were purchasing a multitude of products from multiple vendors which was both pricey and time-consuming. We would buy into these products and automatically trust access since it was within the company network. This just isn’t the case anymore; access must be verified each time to prevent lateral movement. Zero Trust principles such as network segmentation, identity verification, and access control will verify access, reduce the attack surface, and continuously monitor and detect abnormal activity on the network.
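To make the contrast concrete, here is an added example (not Cloudflare's product logic or code from the original post) that evaluates the same request under the two models the paragraph describes: a perimeter model that trusts anything on the corporate network, and a per-request model that checks identity, an MFA factor and device posture against a per-resource policy. The `10.0.0.0/8` corporate range, the `POLICY` and `GROUPS` tables and the `Request` fields are all constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed "corporate network" range for the legacy model.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed per-resource policy: who may reach what, and which
# conditions must hold on every request (not only at login).
POLICY = {
    "wiki":    {"groups": {"staff"},   "mfa": False, "managed_device": False},
    "payroll": {"groups": {"finance"}, "mfa": True,  "managed_device": True},
}
GROUPS = {"alice": {"staff", "finance"}, "bob": {"staff"}}


@dataclass
class Request:
    """One access attempt, with the signals an access proxy would see."""
    user: str
    source_ip: str
    resource: str
    identity_verified: bool = False   # session asserted by the identity provider
    mfa: bool = False                 # phishing-resistant factor satisfied this session
    device_managed: bool = False      # device posture attested by an endpoint agent


def legacy_decision(req: Request) -> bool:
    """Perimeter model: being on the corporate network is the credential."""
    return ipaddress.ip_address(req.source_ip) in CORP_NET


def zero_trust_decision(req: Request) -> tuple:
    """Per-request model: network location is never a credential.

    Returns (allowed, reason); the reason is what you log and alert on.
    """
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource"
    if not req.identity_verified:
        return False, "identity not verified"
    if not (GROUPS.get(req.user, set()) & rule["groups"]):
        return False, "not authorized for resource"
    if rule["mfa"] and not req.mfa:
        return False, "mfa required"
    if rule["managed_device"] and not req.device_managed:
        return False, "managed device required"
    return True, "allow"


def evaluate(requests) -> list:
    """Audit trail: one record per request under both models, for comparison."""
    records = []
    for r in requests:
        allowed, reason = zero_trust_decision(r)
        records.append({
            "user": r.user, "resource": r.resource,
            "legacy": legacy_decision(r),
            "zero_trust": allowed, "reason": reason,
        })
    return records


# Constructed scenario: a phished credential used from a host inside the
# corporate range, with no MFA and no managed device.
PHISHED_FROM_INSIDE = Request("alice", "10.1.2.3", "payroll", identity_verified=True)
LEGIT_FROM_ANYWHERE = Request("alice", "203.0.113.7", "payroll",
                              identity_verified=True, mfa=True, device_managed=True)

if __name__ == "__main__":
    for rec in evaluate([PHISHED_FROM_INSIDE, LEGIT_FROM_ANYWHERE]):
        print(rec)
```

The phished-credential request is allowed by the perimeter model purely because of its source address and denied by the per-request model with a logged reason, while the fully verified request from outside the network is allowed. The denial reasons are the monitoring hook the paragraph refers to: a burst of "mfa required" or "managed device required" denials for one account is abnormal activity worth alerting on.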
A paranoid blame-free culture is a key asset. By educating and enabling users to participate in reporting suspicious activity, our colleagues become the greatest asset in building resilient and well-defended organizations.
As cyber attacks continue to evolve and become more sophisticated, it's crucial for organizations to take a proactive approach to security rather than relying solely on reactive measures. Implementing a Zero Trust framework can help prevent potential security breaches, and while it may require some effort to implement, the benefits of a more secure system are well worth it.