Key Highlights
- U.S. government agencies have issued anti-phishing guidance focusing on common phishing techniques and strategies for mitigation.
- The guidance addresses the threat of credential theft and malware-based attacks, emphasizing multi-factor authentication and secure software practices.
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a comprehensive guide that outlines standard phishing techniques and offers recommendations to mitigate these threats.
Understanding the Phishing Threat Landscape
Phishing attacks continue to be a significant cybersecurity concern, with threat actors employing various social engineering tactics to deceive individuals into divulging their login credentials or visiting malicious websites designed to deploy malware or steal sensitive information.
- In credential theft phishing, attackers often pose as trusted figures, such as supervisors or IT personnel, to send convincing phishing emails that persuade recipients to disclose their usernames and passwords.
- The guidance also highlights an evolving trend among attackers: sending text messages from mobile devices through various chat platforms and using Voice over Internet Protocol (VoIP) to spoof caller IDs in their phishing schemes.
Mitigating Credential Theft Phishing
To bolster protection against credential theft phishing, organizations are advised to implement multi-factor authentication (MFA). The guidance stresses, however, that not all MFA is equal: it warns against weak forms, namely any MFA that is not FIDO or PKI-based, push-notification MFA without number matching, and SMS or voice MFA, because an attacker who can trick a user into entering or approving a code can relay it to the real login page.
Malware-Based Phishing and Its Dangers
Malware-based phishing attacks involve impersonating trustworthy sources to trick recipients into opening malicious attachments or clicking on harmful links. This can lead to malware execution, initial network access, data theft, system disruption, or privilege escalation.
Attackers frequently employ free, publicly available tools to send spear-phishing emails containing malicious attachments with macro scripts or delivering links through popular chat services.
Reducing the Risk of Successful Malware-Based Phishing
To reduce the risk of successful malware-based phishing attacks, organizations are encouraged to provide employees with social engineering training, establish robust firewall rules, and activate email protection measures to block suspicious or malicious emails. Additional recommended steps include:
- Email and messaging monitoring.
- Implementing phishing-resistant MFA.
- Preventing user redirection to malicious domains.
- Blocking known malicious domains and IP addresses.
- Restricting users’ administrative privileges.
- Adhering to the principle of least privilege.
- Blocking the execution of macros and malware.
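The distinction the guidance draws between weak MFA and phishing-resistant MFA (in the credential theft section above and in the list of recommended steps) is easiest to see with a small simulation. The following is an added example, not code from the CISA guide: it models an adversary-in-the-middle phishing proxy that relays a TOTP code successfully, then tries the same relay against a FIDO-style credential and fails at each of the three checks WebAuthn imposes. The origins are hypothetical, and an HMAC over a per-credential secret stands in for the security key's asymmetric signature; the origin and rp_id checks that make the scheme phishing-resistant are modelled as in WebAuthn.

```python
"""Why relayed-code MFA is phishable and FIDO-style MFA is not (added simulation).

Not from the CISA guide. Origins are hypothetical and HMAC with a per-credential
secret stands in for the security key's asymmetric signature.
"""
import hashlib
import hmac
import json
import secrets
import struct
from urllib.parse import urlparse

RP_ORIGIN = "https://login.example.com"     # legitimate site (hypothetical)
RP_ID = "login.example.com"
PHISH_ORIGIN = "https://login.examp1e.com"  # attacker's reverse proxy (hypothetical)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), the construction authenticator apps use."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)


def sha256(data: str) -> bytes:
    return hashlib.sha256(data.encode()).digest()


class Authenticator:
    """Security key: a credential is scoped to the rp_id it was created for."""

    def __init__(self):
        self.creds = {}  # rp_id -> secret (stands in for the private key)

    def make_credential(self, rp_id: str) -> bytes:
        self.creds[rp_id] = secrets.token_bytes(32)
        return self.creds[rp_id]  # a real key returns a public key; simplified here

    def get_assertion(self, rp_id: str, client_data_hash: bytes):
        if rp_id not in self.creds:
            return None  # no credential for this rp_id: nothing to sign with
        return hmac.new(self.creds[rp_id], client_data_hash, hashlib.sha256).digest()


class Browser:
    """The client decides what origin goes into clientData, not the web page."""

    def __init__(self, authenticator: Authenticator):
        self.auth = authenticator

    def webauthn_get(self, page_origin: str, rp_id: str, challenge: str):
        # Real browsers accept rp_id as a registrable-domain suffix of the host;
        # exact match is enough for the simulation.
        if urlparse(page_origin).hostname != rp_id:
            return None  # SecurityError: rp_id is not valid for this origin
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
            sort_keys=True)
        sig = self.auth.get_assertion(rp_id, sha256(client_data))
        return None if sig is None else (client_data, sig)


class RelyingParty:
    """The real login server."""

    def __init__(self, totp_secret: bytes, fido_key: bytes):
        self.totp_secret = totp_secret
        self.fido_key = fido_key

    def verify_totp(self, code: str, now: int) -> bool:
        return hmac.compare_digest(totp(self.totp_secret, now), code)

    def verify_assertion(self, challenge: str, client_data: str, sig: bytes) -> bool:
        cd = json.loads(client_data)
        if cd.get("origin") != RP_ORIGIN or cd.get("challenge") != challenge:
            return False  # produced on another site, or replayed
        expected = hmac.new(self.fido_key, sha256(client_data), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


def setup():
    auth = Authenticator()
    rp = RelyingParty(secrets.token_bytes(20), auth.make_credential(RP_ID))
    return rp, auth


def relay_totp_attack(now: int = 1_700_000_000) -> bool:
    """AitM proxy: the victim types password and TOTP into the phishing page; the proxy forwards them."""
    rp, _ = setup()
    victim_code = totp(rp.totp_secret, now)  # read off the victim's authenticator app
    return rp.verify_totp(victim_code, now)   # True: the relayed code is accepted


def relay_fido_attack() -> dict:
    """Same proxy, but the second factor is a FIDO credential. Every path fails."""
    rp, auth = setup()
    browser = Browser(auth)
    challenge = secrets.token_urlsafe(32)  # the proxy fetched this from the real RP
    # 1. Phishing page requests the real rp_id: browser refuses, origin does not match.
    browser_refuses = browser.webauthn_get(PHISH_ORIGIN, RP_ID, challenge) is None
    # 2. Page uses its own rp_id: the key holds no credential scoped to it.
    no_credential = browser.webauthn_get(PHISH_ORIGIN, "login.examp1e.com", challenge) is None
    # 3. Even if a client signed on the phishing origin, the RP rejects that origin.
    forged = json.dumps({"type": "webauthn.get", "challenge": challenge,
                         "origin": PHISH_ORIGIN}, sort_keys=True)
    sig = auth.get_assertion(RP_ID, sha256(forged))
    rp_rejects = not rp.verify_assertion(challenge, forged, sig)
    return {"browser_refuses": browser_refuses, "no_credential": no_credential,
            "rp_rejects": rp_rejects}


def legitimate_fido_login() -> bool:
    rp, auth = setup()
    challenge = secrets.token_urlsafe(32)
    client_data, sig = Browser(auth).webauthn_get(RP_ORIGIN, RP_ID, challenge)
    return rp.verify_assertion(challenge, client_data, sig)
```

The TOTP path succeeds for the attacker because the code is just a short string the victim can be talked into typing anywhere; push approval without number matching fails the same way, since the user approves a prompt the attacker triggered. The FIDO path fails three times over: the browser binds the request to the page's real origin, the authenticator only signs for the rp_id the credential was registered under, and the server checks the origin recorded in the signed client data. That is what "phishing-resistant" means in the guidance.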
Software developers are also urged to integrate secure-by-design and secure-by-default principles into their development processes to enhance protection against phishing attacks.
The guidance caters to organizations of all sizes but includes a dedicated section for small- and medium-sized businesses with limited resources to defend against phishing threats.
FAQs
1. What is credential theft phishing?
Credential theft phishing involves impersonating trusted sources to trick victims into revealing their login information.
2. What is multi-factor authentication (MFA)?
MFA is an extra layer of security requiring users to provide two or more authentication factors, so a stolen password alone is not enough to log in. Only phishing-resistant forms (FIDO or PKI-based) hold up against phishing that relays codes or push approvals to the real site.
3. How can organizations reduce the risk of phishing attacks?
Implement MFA, provide employee training, use email protections, monitor emails and messages, restrict administrative privileges, and block malicious domains and IPs.