Admin I Tuesday, April 09, 2019
JOHANNESBURG, South Africa – It is becoming better understood that, in order to stop phishing attacks, we need to be able to see them coming. At the same time, it also helps to have an idea around which phishing and malware threats we should be keeping an eye on.
This is according to Anton Jacobsz, CEO at value-added distributor Networks Unlimited Africa who was referencing a report by Cofense (formerly PhishMe), a leading provider of intelligent phishing defence solutions.
“The report, titled ‘Six Phishing Predictions: 2019’, sees Cofense lean on quite a few in-house experts who have, in turn, provided some generous and learned intelligence around what businesses and consumers can expect from hackers and cybercrime in general over the next year,” he says.
To kick things off, Nick Guarino and Lucas Ashbaugh, both threat analysts at Cofense, warn that trusted services won’t be. Trusted, that is. Their prediction says the majority of phish seen in the wild in 2019 will live in historically trusted sharing services like Google Docs, Sharepoint, WeTransfer, Dropbox, Citrix ShareFile and Egnyte. They say it’s difficult for these services to keep up with the constant barrage of varied phishing tactics.
“Traditional security tools (firewalls, anti-virus) have no insight into the files housed on these services. As a result, it is incredibly difficult to protect users against these phish hiding in plain sight,” their prediction concludes. Prediction two comes from the desk of Tonia Dudley, Cofense Security Solution Advisor and she says “credential phishing will reel ’em in. Just like last year.”
Dudley cites a quote heard at a recent SANS conference where someone said: ‘Hackers don’t need to break in, they log in’ and she confirms that credential phishing is the reason why this statement is so true.
“Threat actors stick with what’s working and, at least so far, credential phishing allows them access to your organisation as validated users,” Dudley says in the report. “I think we will continue to see this type of phishing campaign at the top of the threats list, especially for organisations that have failed to enable multi-factor authentication. As you conduct security awareness training, this type of phishing scenario should be a top priority, in particular for your high value targets and privileged users.”
Director of Sales Engineering at Cofense, David Mount says that many people expect AI to be the panacea to stop phishing. However, he sees 2019 as the peak of the hype cycle for AI.
Mount says AI can only be as good as the person creating it and, since phishing attackers are constantly evolving their tactics, AI could find it tricky to keep up. And, if it does prove effective, users will be faced with AI itself becoming a target through poisoning attacks. Either way, Mount says 2019 will be the year we start to see AI begin to play a role in many organisations’ overall security strategy. But AI is not an alternative to security awareness training or empowering employees with the tools and instincts needed to flag phishing attacks. A robust security posture will require both network-level, AI powered threat detection plus human intelligence.
The fourth prediction warns businesses to expect a mix of off-the-shelf and customised malware and stems from Cofense’s Threat Intelligence Manager, Mollie MacDougall and its Principal Intelligence Analyst, Darrel Rendell. They say while they expect off-the-shelf malware to remain popular, they anticipate more customised malware will also appear in phishing campaigns going forward.
Both are in agreement that 2017’s headline-dominating attacks (WannaCry, etc.) clearly showed the importance of patching, which can decrease the efficacy of common simple-script malware and push more sophisticated actors towards investing in procuring 0days.
As per the Cofense report: “The ongoing dominance of low-cost, off-the-shelf malware indicates they likely continue to reap success. The real danger will be in improved banking Trojans and other stealers. With the declining profitability of ransomware operations and the current state of the cryptocurrency marketplace, threat actors will likely rely on more traditional malware for illicit monetisation. Moreover, with modular banking Trojans available for purchase, threat actors will continue to provide more sophisticated and broadly capable tools for their less-savvy peers.”
Jason Meurer, Researcher at Cofense agrees that the fate of ransomware will be tied to cryptocurrency. He says 2018 saw ransomware fade from the headlines and feels this trend may continue even though it is dependent on the trajectory of the cryptocurrency markets. “If we see a resurgence in cryptocurrency, we will likely see ransomware surge in popularity again ahead of price jumps,” he concludes.
The last prediction discussed in the Cofense report is again from David Mount who says threats actors will share intelligence to stay a step ahead.
In the report, Mount says that fight against threat actors in an ongoing struggle – as businesses update their cybersecurity strategies, so too do attack methods evolve and, besides being well funded, attackers have no qualms when it comes to sharing intelligence, unlike businesses operating in the security industry.
“Despite the obvious benefits, the industry is reluctant to share what it knows,” Mount says. “Because of this, in 2019, threat actors will continue to stay one step ahead and this is one more reason why businesses need to act faster, making a concerted effort to focus on the most important part of their defence – people.”
Network Unlimited Africa’s Jacobsz believes all six predictions carry weight but says this last prediction underpins a vital message.
“One of our foundational beliefs is that a comprehensive security strategy is nothing without user buy in,” he says. “User education and continued inter-company communications around how best to avoid phishing attacks are the first and most important step to building a concrete approach to security and defence strategies.”
To learn more about Cofense’s phishing incident solutions, please click here.
