We often hear about cyberattacks consisting of exploits or malware meant to gain control of victim machines, and the term “phishing” has become more widely used and understood. Even my dad now knows what phishing is, not because I told him, but because of headlines in news publications like these:
According to Verizon’s recently released 2016 Data Breach Investigations Report, phishing attacks overwhelmingly aim to steal legitimate user credentials. Genuine credentials are valuable because they provide attackers with “authorized” access, which is less likely to trip any alarms or alert administrators, which, in turn, means more time for attackers to do what they will.
Verizon reported that around 1000 breaches in 2015 were the result of stolen credentials. If you’re the attacker, why try to break in through the second story window when you’ve got a key to the front door? And if you’re the target, how do you stop attackers from using your own front door keys to break into your house?
Verizon recommends a few things to stop credential phishing and limit attackers’ movement, should they be able to bypass your network protections:
- Use an email gateway to inspect email content and filter out those pesky phishing emails. (We highly recommend Proofpoint – keep reading to find out why!)
- Provide your users with a straightforward way to contact your security team should they suspect a phishing attempt.
- Require strong authentication – no one should be using default passwords or easily guessable passwords consisting of less than 12 characters – and when two-factor authentication is available, use it!
- Use internal network segmentation to limit how far attackers can get and make sure they cannot easily pivot to where the high-value stuff is kept.
- Inspect outbound traffic for signs that users have been compromised. Look for suspicious HTTP and DNS connections and file transfers – these are signs of command-and-control traffic and data exfiltration.
Of course, being a security company, we always have phishing attacks top of mind as challenges to solve. We’ve recently implemented new features within PAN-DB to help our customers fight the ongoing phishing battle using URL Filtering and WildFire.
Recognizing New Phishing Websites
WildFire now includes frequent updates to PAN-DB’s phishing category in its generated set of protections. It actively looks for links to spoofed websites and web forms containing usernames and passwords that are intended for unapproved or unknown web applications. These quick categorizations enable our customers to block access to newly discovered phishing sites so your users don’t get duped into giving away their credentials.
In addition, we’ve recently partnered with Proofpoint to help our joint customers better secure themselves against malicious emails, including phishing emails and emails with exploitive or malware attachments and malicious links. Armed with Proofpoint deployed for email, and a WildFire API key, customers can easily integrate Proofpoint’s visibility into all pre-filtered incoming email with WildFire’s thorough analysis engine to prevent attacks both at the email gateway and at the firewall – a double layer of protection against phishing.
As Verizon has noted, 63 percent of confirmed data breaches involved leveraging weak, default or stolen passwords. This problem is not one that technology can fix by itself; real people are being targeted, and real people are necessary to overcome phishing attacks. User education – though not 100 percent effective against phishing attacks (some of these targeted emails areinsanely well-crafted, guys) – can help to significantly decrease the attackers’ success rates.
Has your organization done anything unique in terms of people, process or technology to help tackle the phishing problem? And, of similar importance (not really), how many other phishing puns can you think of?
Check out the lightboard video below to learn more about phishing and how Palo Alto Networks helps to prevent it.
[Palo Alto Networks Research Center]