In the ever-evolving landscape of cybersecurity, phishing remains a persistent and formidable threat. According to ReliaQuest's Annual Cyber-Threat Report for 2023, phishing links or attacks were used in an alarming 71% of all security incidents. This trend is not surprising, as phishing is a favoured tactic among threat actors because it is effective and requires minimal effort from the attacker.
One of the most notable examples of a phishing attack in 2023 was carried out by the ransomware group Scattered Spider. In September, Scattered Spider successfully tricked a help-desk employee into resetting credentials, gaining access to the victim organization's sensitive data. The group then used the valid credentials it had obtained to attack the organization's multifactor authentication, highlighting how readily unsuspecting individuals can be exploited.
Scattered Spider, known for its expertise in social engineering tactics, is responsible for high-profile attacks on organizations such as MGM Resorts, Caesars Entertainment, and Clorox. The group deploys AlphV ransomware in some of its attacks and has been noted for its ability to exploit the trust and vulnerability of its targets.
To combat these threats, ReliaQuest recommends a multi-faceted approach that combines technical controls, user training, and zero-trust verification processes. Key measures suggested include:
- Harden Against Social Engineering: Establish strong internal processes to verify requests involving access or data changes. Regularly simulate phishing and vishing attacks that specifically target help-desk and privileged users, so that social engineering attempts are recognized and stopped early.
- Enforce Strong Identity Verification: Train help desk staff to rigorously authenticate users before granting requests. Ensure the use of phishing-resistant MFA methods to reduce the risk posed by compromised credentials or social-engineered logins.
- Restrict and Monitor Access: Limit powerful permissions in systems like Salesforce to trusted admins only, use IP allowlists, and deploy automated monitoring solutions to detect suspicious activity or anomalous data downloads.
- Develop a Security Culture and Awareness: Mandate MFA for all users and conduct regular training to raise awareness of phishing, MFA fatigue, and SaaS-targeted attacks. Use scenario-based tabletop exercises to foster preparedness and vigilance among employees.
- Integrate Identity Layer Security and Orchestration: Implement platforms that anchor every request to verified humans and provide scalable, rapid deployment options to shut down attack vectors quietly and quickly before exploitation.
- Continuously Track and Adapt to Threat Evolution: Instead of solely focusing on static indicators of compromise, security teams should analyze evolving attacker tactics, techniques, and procedures to anticipate and prepare for future social engineering campaigns.
By implementing these strategies, organizations can significantly improve their resilience to phishing and social engineering attacks, turning the tables on the threat actors and making the digital landscape safer for all.
- The ReliaQuest Annual Cyber-Threat Report for 2023 revealed that 71% of all security incidents involved phishing, underscoring its prominence as a threat across data, cloud computing, and cybersecurity.
- Scattered Spider, a notorious group known for its use of ransomware and expertise in social engineering tactics, successfully carried out a phishing attack in 2023, tricking a help-desk employee into resetting credentials and gaining access to a victim organization's sensitive data.
- In response to these threats, organizations are advised to adopt a comprehensive cybersecurity approach that includes hardening against social engineering, enforcing strong identity verification, and continuously tracking and adapting to threat evolution, thereby improving their resilience to phishing and social engineering attacks.