Jump to content

How to Protect Against Evolving Phishing Attacks


David H. Lipman

Recommended Posts

How to Protect Against Evolving Phishing Attacks

231018-D-IM742-2222.JPG

Quote
Press Release | Oct. 18, 2023

How to Protect Against Evolving Phishing Attacks

 

FORT MEADE, Md. - The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them.
 
The Cybersecurity Information Sheet (CSI) “Phishing Guidance: Stopping the Attack Cycle at Phase One” outlines tailored cybersecurity controls for Information Technology (IT) departments to reduce phishing attacks, also known as electronically delivered social engineering. The Cybersecurity and Infrastructure Security Agency (CISA), NSA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) co-authored the CSI.
 
“Knowing how to navigate phishing danger is essential because anyone can fall victim to these attacks,” said Eric Chudow, NSA’s Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. “Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence. They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer-face-to-face interactions.”
 
Cyber actors employ a wide range of technologies and platforms to conduct phishing attacks. Common vectors include short messaging system (SMS) text messages and chats in platforms such as Slack, Teams, Signal, WhatsApp, iMessage, and Facebook Messenger. Such attacks may lure users into divulging their login credentials or clicking a malicious hyperlink or attachment which then executes malware.
 
The CSI provides detailed mitigations to protect against login credential phishing and malware-based phishing, as well as steps for identifying and remediating successful phishing activity. It lists more than a dozen best practices for IT professionals to follow to avoid their organization being compromised, including phishing-resistant multi-factor authentication (MFA), phishing filters for links and attachments, protective DNS, application allow-lists, and remote browser isolation.
 
Additional guidance in the CSI focuses on software manufacturers implementing secure by design and default tactics and techniques. Software manufacturers should develop and supply software that is secure against the most prevalent phishing threats. The co-authoring agencies urge organizations to hold software manufacturers to a secure-by-design technology standard and build these and other mitigations directly into products to protect users and organizations from phishing’s malicious effects.
 
Read the full report here.
 
Read NSA’s secure-by-design guidance.
 
Visit our full library for more cybersecurity information and technical guidance.

 

  • Like 3
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.