
Endpoint Security

1/2/2019 09:15 AM
Atif Mushtaq
News Analysis-Security Now

Phishing & Social Engineering Attacks Will Rise in 2019

The rise of fileless attack techniques and other developments is making phishing a much more serious problem for enterprise security. As we head into 2019, a new approach is needed.

The cybersecurity field has made great strides in recent years through improvements to email and web security solutions, next-gen antivirus solutions and overall network, operating system and browser hardening.

In turn, threat actors have changed their strategies by adopting hard-to-detect, fileless phishing attacks that exploit the more vulnerable human attack surface. (See New Worm Helps Spread Fileless Version of Bladabindi RAT.)

The threat landscape for 2019 is evolving due to new types of phishing and social engineering attack vectors and methods. These threats are rapidly morphing beyond phishing emails with malicious attachments to penetrate organizations through browser-based attack vectors designed to trick users into divulging sensitive information or into installing man-in-the-browser snoopware that runs stealthily in browser memory.

In short, CSOs and security managers must focus attention on the growing number of threats that leverage malicious sites, regardless of which phishing vector delivers the link to the user.

In 2019, cybercriminals will continue to use phishing emails, though the percentage of emails that include malicious attachments will decline as those with malicious links continue to increase. In addition, use of phishing attack vectors beyond email will expand. These vectors include phishing through ads, pop-ups, social media and chat applications. Hackers are also building seemingly legitimate browser extensions that provide useful functionality.

However, these rogue extensions can also act as snoopware to surreptitiously capture credentials that enable additional attacks on the machine or the corporate network.

The battlefield is shifting to compromised websites

With anti-phishing solutions becoming more adept at spotting newly registered or otherwise suspicious domains, attackers are expanding their use of normally benign but compromised websites to host their malicious phishing pages. A long-established domain with a clean history passes domain reputation checks, so a phishing page planted in one of its directories inherits that reputation. This helps attackers avoid detection and blocking by URL filtering systems and web isolation technologies.

An ecosystem of bad actors is emerging to support this activity. Our threat researchers have noticed a growing number of benign website login credentials for sale on the Dark Web. (See Watch Out: The Dark Web Is Really Watching You.)

Let's be clear -- the concern is not about the browser itself becoming exploited through a software vulnerability.

The most popular browsers are being made more secure all the time. The real issue is the widening variety of ways that users are tricked into adding malicious browser extensions, or into clicking a link that silently installs snoopware in browser memory, either of which can lead to bad outcomes without any browser vulnerability being exploited.

Most security teams are aware of these new threats, but they are unclear on how to respond. URL blocklists on firewalls and web proxies are only effective when there is a known malicious URL to block, but attackers have become skillful at quickly standing up new, as yet unidentified web pages, often on compromised legitimate sites, and then taking the phishing pages down again within hours to avoid detection.

By the time such a page is discovered and blocked, the campaign has typically run its course and moved on. This has given rise to more anti-phishing technologies that can do real-time as well as pre-emptive phishing site detection.
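The two points above (a compromised legitimate site slipping past domain reputation filters, and a blocklist entry arriving only after the page is gone) come down to the same gap: a domain-level verdict never looks at the page itself. The following Python is an added illustration of that gap and is not code from this article or from SlashNext. Every domain, path and list in it is constructed for the example, and the two page-level heuristics it applies (a brand name served from a domain that is not the brand's own, and a credential prompt living under a directory that is typically writable on a hijacked CMS) are illustrative signals, not a complete detector.

```python
"""Why a domain-level allow/block decision misses phishing pages parked on
compromised legitimate sites, and what a page-level check adds.
All domains, paths and lists below are constructed for this example."""
import re
from urllib.parse import urlparse

# Constructed stand-in for a URL-filtering reputation feed: whole domains
# with a clean history. A compromised site is still "known good" here.
KNOWN_GOOD_DOMAINS = {"example-bakery.com", "cityschooldistrict.org", "example-bank.com"}

# Constructed mapping of brands to the only registered domains that should
# ever serve their login pages.
BRAND_HOME_DOMAINS = {"example-bank": {"example-bank.com"}, "example-mail": {"example-mail.com"}}

# Path words that usually mean a credential prompt, and directories that are
# commonly writable on compromised CMS installs (illustrative lists).
CREDENTIAL_WORDS = re.compile(r"login|signin|sign-in|verify|secure|account", re.I)
WRITABLE_DIR_HINTS = ("/wp-content/uploads/", "/wp-includes/", "/images/", "/cache/", "/tmp/")


def registered_domain(host: str) -> str:
    """Last two labels of the host. Real code should use the Public Suffix List
    (think co.uk); this shortcut is enough for the constructed samples."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_verdict(url: str) -> str:
    """What a domain-reputation filter alone would say about the URL."""
    host = urlparse(url).hostname or ""
    return "allow" if registered_domain(host) in KNOWN_GOOD_DOMAINS else "unknown"


def page_level_reasons(url: str) -> list:
    """Signals visible in the full URL that a domain-only check never sees."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reg = registered_domain(host)
    path = parsed.path.lower() + ("?" + parsed.query.lower() if parsed.query else "")
    reasons = []
    # 1. A brand name in the host or path while the registered domain is not
    #    that brand's own: the signature of a look-alike or a parked page.
    for brand, homes in BRAND_HOME_DOMAINS.items():
        if (brand in host or brand in path) and reg not in homes:
            reasons.append(f"brand '{brand}' served from {reg}")
    # 2. A credential prompt inside a directory attackers can usually write to
    #    on a hijacked CMS: a bakery's /wp-content/uploads/ should never host
    #    a login form.
    if CREDENTIAL_WORDS.search(path) and any(h in path for h in WRITABLE_DIR_HINTS):
        reasons.append("credential page under a writable upload directory")
    return reasons


def assess(url: str) -> dict:
    """Combine both views. Page-level signals override a clean domain verdict."""
    reasons = page_level_reasons(url)
    verdict = domain_verdict(url)
    action = "isolate_or_block" if reasons else ("allow" if verdict == "allow" else "inspect")
    return {"url": url, "domain_verdict": verdict, "reasons": reasons, "action": action}


# Constructed sample URLs: a clean page, a phishing page on a hijacked site,
# the bank's real login page, and a look-alike domain.
SAMPLES = [
    "https://www.example-bakery.com/menu/",
    "https://www.example-bakery.com/wp-content/uploads/2018/12/example-bank/login.php?session=1",
    "https://accounts.example-bank.com/login",
    "http://example-bank.com.secure-verify.net/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = assess(sample)
        print(f"{result['action']:16} domain={result['domain_verdict']:8} {result['url']}")
        for reason in result["reasons"]:
            print("    -", reason)
```

Run it and the second sample is the instructive one: the domain filter says "allow" because example-bakery.com has a clean history, while the page-level check flags both the bank's brand name on a stranger's domain and a login form sitting under an upload directory. A filter that stops at the domain verdict is exactly the control the article says attackers are routing around; the page-level signals are what a real-time detector has to evaluate on first sight, before any blocklist entry exists.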

Fresh approaches to thwarting phishing

Cybercriminals are increasingly turning to social engineering attacks that exploit the human attack surface to evade existing safeguards and gain entry to corporate networks.

These new threats don't directly target the device, the software or the network. The primary target is the employee behind the browser. In other words, the most vulnerable link in the chain is the end user. With more than 4 billion Internet users who own a few connected devices each, and with web usage increasingly common for everyday business tasks, the expansive scope of this problem becomes all too clear.

Security teams will need to deploy new tools and strategies to block phishing threats on the web, before users get duped into doing things that compromise their organizations. Ongoing phishing awareness training for employees should be part of any layered security strategy, as should anti-phishing solutions that can detect and help block live web-based phishing threats.

Clearly, this is an ongoing game of cat-and-mouse, with 2019 promising to bring even more sophisticated phishing attacks that manipulate users. As Google and other browser makers crack down on rogue browser extensions and apps, rogue extension makers will devise new ways to avoid detection. (See Google Chrome 71: Bugs Squashed & New Ways to Block 'Abusive Experiences'.)

With so much sensitive information passing through the browser via cloud-based apps and cloud storage systems, tricking users into granting a man-in-the-browser foothold for snooping is simply too tempting a target for cybercriminals.


Atif Mushtaq has spent most of his career on the front lines of the war against cybercrime. Before founding SlashNext, he spent nine years as a senior scientist at FireEye, where he was one of the main architects of FireEye's core malware detection system. Mushtaq has worked with law enforcement and other global agencies to take down some of the world’s biggest malware networks.
