Home > Move to Zero Trust

Phishing factories exploit trust to attack businesses

When an e-mail arrives in the inbox claiming that toilet paper is available for sale again, at a time when it is in short supply, there is a fair chance that a user will click on a link to find out more.

In times of crisis, people are at their most vulnerable and phishing attempts are most potent. During the coronavirus pandemic, it is no surprise that hackers are at their busiest again to hook victims to give up personal data and login credentials.

However, one key difference today is the underground economy behind phishing. Factories operating in the Dark Web now churn out toolkits for hackers to get into the game quickly. Meanwhile, the social engineering carried out has also grown more sophisticated to gain victims’ trust.

For enterprises, users are often the weakest link into a network or system in which they have invested greatly to keep out intruders. These users and potential victims continue to pose a risk to the business if there isn’t an effective response to their vulnerability.

Today, the attacks are not just coming through e-mails, which users have been conditioned to be wary of and businesses have set up countermeasures for. They also come through social networks, which users often place higher trust on.

One example of such phishing attempts is the “three question quiz”, though there are many variations to be found online. With this, users are given three questions where any answer they pick will be correct and they are all promised a prize for taking part.

They will then be led to a site to share their personal information, such as name and e-mail. They might even be asked to login to a site with their credentials. Hackers can use this data later in other attempts to either steal more information or hack into their accounts.

Brands being spoofed
Besides users, brands that are spoofed in these phishing attempts also suffer from the fallout. Today, some 100 brands and 23 airline companies have been victims of such fake campaigns that have hurt their image while compromising other users’ security.

Before the pandemic this year, when air travel was still unrestricted, airline tickets were a hot item to entice victims to give up their information. Today, this bait can be in the form of any item of currency, even toilet paper.

Once cyber attackers have managed to get hold of a victim’s basic information, they can look up data dumps from other sources, such as stolen usernames and passwords often exposed and sold on the Dark Web. With this cross referencing, they can find matches that let they proceed to compromise those accounts.

What is worrisome is the ease of setting up such phishing attempts today. An underground economy has mushroomed to develop toolkits complete with step-by-step flowcharts that teach cyber criminals how to exploit users’ weaknesses.

These phishing factories are also stealthy and hard to catch. Many of the domains they use to help funnel data from unsuspecting users only exist for short periods – a mere seven minutes for one “boutique” campaign that Akamai has observed and 13 hours for many bulk campaigns – so it is difficult to detect, blacklist and block them quickly.

This means the usual cyber defenses that guard against known threats need more help to catch these constantly changing phishing attempts. There has to be a way to find such activity before it lets the attackers access a business’ assets.

Finding malicious intent
What is needed is “zero-day” detection. In other words, businesses have to analyze and identify known pages and look for digital fingerprints on unknown pages that may betray their malicious intent. What, for example, does the output of the page bring us?

If it tries to connect to a domain that is not seen before, there may be a need to check the DNS (domain name server) to compare fingerprints with an existing database of known locations. Do they match? Or is there a risk in something that is unfamiliar and unknown, which should perhaps stop a user from loading the page?

After all, a webpage can be replicated and spoofed quickly. For real analysis to take place, there has to a more detailed look at its fingerprint. This means constantly seeking out such threats, like what is done at Akamai’s intelligent edge platform that power so many of today’s websites.

The company’s Enterprise Threat Protector is a security solution that provides proactive protection against zero-day malware and phishing. A cloud-based secure Web gateway, it can be deployed in minutes and delivers persistent, universal security.

Building trust anew
Such a solution is important because businesses can no longer build trust based on what they think they know. Perimeter defenses can be often breached today, so it cannot be assumed that anyone within the “castle walls” of a corporate network can be trusted.

Whenever anyone accesses an asset, the user should be checked, whether they are within or outside the corporate network. Similarly, users accessing a website cannot presume to be visiting a safe site, so the default action has to be to inspect these pages.

To get there, however, businesses need visibility of what is happening on a macro basis. Partnering with a trusted vendor enables them to get an aggregate view of the threats out there, thus enhancing their defenses against ever changing phishing threats.

Find out more about fending off evolving threats at Akamai’s Edge Live | Adapt Virtual Summit.

Enterprise Desktop
Cloud Computing