Companies have increasingly allowed bring your own device (BYOD) policies to support remote work, but in today’s cybersecurity landscape, this trend has led to an increased attack surface. Each additional endpoint increases the potential for credentials to be compromised through credential phishing attacks. Hackers are leveraging this trend to conduct insider attacks, leaving businesses vulnerable to data breaches.
According to CISCO’s 2021 Cybersecurity threat trends report, 90% of all data breaches happen through phishing attacks. In particular, spear phishing contributes to 65% of breaches. It should be reemphasized that often all an intruder needs is a single set of valid credentials to compromise an entire network’s data. The widespread use of simple passwords, single-factor authentication, and cloud services have all contributed to the exponential growth of credential phishing attacks.
Indeed, cybersecurity professionals are constantly facing challenges in keeping an organization’s network out of the hands of intruders. In this blog, we’ve decoded all the information that you need to be aware of to mitigate the risk of credential phishing attacks.
What is a credential phishing attack?
Credentials include usernames, email IDs, passwords, pins, and other personally identifiable information (PII) used to authenticate a user’s access. A phishing attack is a social engineering tactic used by hackers to steal credentials via psychologically manipulative communications on email, SMS, social media, etc. Credential phishing in particular is the easiest and most popular tactic used by malicious agents to steal credentials. While not all stolen credentials directly lead to stolen data or compromised networks, hackers will often use these stolen credentials to phish secondary targets who have more privileged access.
Attackers are sometimes motivated by who the victim is, intent on causing havoc or gaining insight and access to particular information. Other times the victim is undifferentiated and the attacker is motivated by direct monetary gain. In these cases, adversaries might ask for a ransom to give back the stolen sensitive information or try to sell the stolen credentials on the dark web (which in turn leads to persistent attacks).
Alongside phishing emails, hackers also use other variants like smishing (SMS-based phishing) and vishing (voice-call-based phishing) attacks to increase their success rate.
How does a credential phishing attack work?
Targeted phishing attacks (aka spear phishing) is an email-based phishing attack that appears to be from trusted sources but is sent by hackers. Spear phishing is the most common type of phishing attack hackers use to intrude into an organization’s network.
Here’s an example of how a phishing attack can occur.
First, an intruder chooses an employee via LinkedIn or any other social media platform, then thoroughly researches the target. The intruder then determines which details are pertinent for instilling confidence in their target, such as which email ids they might trust or the name of a client or project. Next, they’ll send an email with a phishing link in it; usually, the link redirects the target employee to a lookalike website. Hackers typically use social engineering tactics to create a sense of urgency in the victim, making them less likely to notice they’re being tricked before entering their login credentials. Once the attacker steals your credentials, they log in using your credentials as a proxy and conduct an insider attack.
Detecting credential phishing attacks
Hackers are constantly prying on systems to exploit any vulnerabilities and demolish your network infrastructure. There are a few ways to detect phishing attempts, so it’s crucial to keep an eye out for anything out of the ordinary. For example, before clicking any email links, hover the mouse over them to check whether it’s pointing to a legitimate website. Even if the website is legitimate, hackers might still trick you by sending a genuine link to a website but then intercept your connection and perform a man-in-the-middle attack. Other things to check include the message’s spelling, grammar, tone, and urgency after confirming the sender’s email id and the subject line for reliability.
Preventing credential phishing attacks
When hackers conduct sophisticated attacks through malware, security software will act as the first line of defense. However, when hackers utilize social engineering tactics, they sidestep security software by cleverly persuading an employee as a target for their attack.
One general prevention strategy is to conduct cybersecurity awareness training. All employees should be trained to identify common cyberattack techniques, including phishing and scam emails, as well as other tactics an intruder might use. Instill an expectation of pausing and thinking before sharing any sensitive information. When it comes to seemingly pertinent requests, your employees should be expected to confirm with the recipient through a call or some other method. This might seem trivial but it goes a long way to keep your network secure.
Other than educating employees, you can reduce the risk of phishing attacks by implementing the following security measures in your organization.
-
Enable multi-factor authentication (MFA): Organizations have to implement MFA to add another layer of security when authenticating a user. Even if hackers gain a user’s credentials, those hackers will be slowed down or thwarted because they won’t have access to a one-time password (OTP) or other authentication methods.
-
Use browser extensions and firewalls: Use programs and add-ons that filter out suspicious websites, untrusted IP addresses, and phishing emails. Set up triggers to instantly alert users when they might accidentally be interacting with threats.
-
Adopt a zero-trust policy: Before your employees fall into the trap of an attacker, proactively mitigate the risk of credential phishing attacks with the help of advanced UEBA data-driven ML-based techniques.
-
Deploy privileged access management (PAM): Periodically monitor all the privileged user accounts within an organization’s network. Limit the number of privileged users who have access to confidential information.
How will ManageEngine Log360 help me mitigate the risk?
With proper training and the right software, you will be able to mitigate most risks of data breaches. However, the nature of credential phishing attacks makes them hard to detect, regardless of how well you train employees. Therefore, it’s wise to rely on an intrusion detection system (IDS) and endpoint security mechanisms to combat the risks of credential phishing attacks. When an intruder logs in using the stolen credentials of an employee at an unusual time, or tries accessing any sensitive resources, Log360 takes prompt action and sends real-time alerts to your SOC team, thus improving the incident response time.
ManageEngine Log360 is a comprehensive SIEM solution that enables you to proactively mitigate internal and external security attacks, as well as spot insider attacks, data exfiltration, and account compromises, with its ML-driven UEBA module. Log360 also provides out-of-the-box reports and real-time security alerts of threat detection, incident responses, and events in your network and keeps hackers at bay.
Download and explore the comprehensive features of ManageEngine Log360 with a free 30-day trial version. We would be thrilled to walk you through our product.
