As the deadline for the latest data privacy regulation compliance looms, cybercriminals are coming out in full force to take advantage of the timing to launch massive phishing campaigns against businesses and consumers. Reports began to arise in recent weeks, showcasing popular and trusted brands being abused as the face of phishing attacks targeting consumers. RSA has also noticed an increase in these phishing attacks in the wild as well as many more being reported by our customers. "Don't Miss Out" and "Let's Stay in Touch" are the subject lines screaming out from consumers' inboxes.
While phishing attacks cause pain for consumers, the implications on the corporate side are much larger. Unlike the "spray and pray" approach often associated with consumer attacks, these more direct attacks – spear phishing – target specific individuals or organizations. One consumer tricked equals one stolen credential. The right enterprise employee tricked could equal millions of stolen credentials or worse.
The timing of trendy stories or pressing compliance deadlines to launch attacks is nothing new to cybercriminals. They continue to use phishing tactics for one simple reason: they still work. In RSA's latest fraud report, phishing accounted for 48% of all attacks detected by RSA in the first quarter.
The ability to provide early detection and alerts for suspicious phishing emails – whether targeting customers or employees – is critical. For consumers, the goal of a phishing attack is most often to capture financial or personal data. As organizations do not have access to, or control over, a customer's device, if a consumer takes the phishing bait and malware is involved, they have no visibility into the attack. Thus, identification of attacks in the wild and the ability to take down an attack quickly once detected is important in minimizing customer impact.
For more sophisticated attacks targeted at individuals, or a group of individuals within an organization, visibility is critical to enable fast and efficient response. These attackers aren't just after credentials, financial information and identity data, however. They "go big" – dropping malware on a device, and before you know it, they're moving laterally across an organization in search of the crown jewels.
Because employee devices are connected to the network, with the right tools in place, an organization can quickly gain insight into who clicked on the link and who was compromised, how widespread the attack is, and the root cause. At the same time, it is important to be able to orchestrate an automated response, such as blocking phishing emails at the server level or instituting a firewall block against the remote command and control location across the company.
Today, a new phishing attack is launched every 30 seconds. For every hot trend or gripping political or cultural news, there is likely a phishing campaign behind it, and attackers will continue to leverage these compelling events to target businesses and consumers. The only way to be prepared is to be better than cybercriminals at their own game.
# # #
Author: Heidi Bleau
Category: RSA Fundamentals, Blog Post
Keywords: Compliance, Cyber Crime, Fraud, GDPR, Malware, Phishing, Threat Detection, Threat Detection and Response, Threat Response