Plenty More Phish in the Sea: Phishing Landscape is changing
Think this. You are finding your way around an unknown place, trying to find the train station. Seeing you in a muddle, a stranger approaches you and guides you. He then tells you that he can help you get the ticket faster and asks you to give him some of your important documents. Since you are in a hurry, you give it only to realise later that he was a fraudster!
Now, just translate this to a web setting. Phishing is somewhat like this. The ultimate goal of a phishing scam is to obtain valuable personal information from the user so it can be used for other crimes. Earlier phishing scams targeted users through email. Now, phishing scams have ‘evolved.’
Another phishing type on the rise is a lateral phishing attack. In this attack, the scammer uses a compromised email of a company employee to extract authentication details rather than money. The level of precision with which phishing attacks are planned are demonstrated in Business Email Compromise (BEC) attacks. For example, the Curious Orca gang validates the previously acquired information by sending blank emails. They know that the ones that bounce back are not valid and so target the rest. Additionally, the social engineering that goes into devising these phishing scams has also become more refined. In a recent cyberattack, fraudsters used Artificial Intelligence-based software to mimic the voice of a Chief Executive to demand transfer of money to an account claimed to be of a company supplier.
Emerging Technologies and Phishing
With emerging technologies, phishing attacks might get all the more sophisticated. Perhaps a harbinger is the recent research that revealed flaws in 4G and 5G networks that can enable attackers to intercept calls. They have found vulnerabilities that can enable attackers to hijack a connection and misdirect victims to phishing sites. In fact, with 5G and Internet of Things and the resultant connected world, attackers will have more options for points of attack, considering the expansion of the threat landscape. In fact, Artificial Intelligence might be used to up the sophistication level and complexity of phishing attacks. For all you know, you might be chatting with a chatbot which might be a ‘Phish-bot.’ The use of emerging technologies for cybercrime has already begun. A recent report by the UN Security Council’s Sanctions Committee on North Korea stated that the country employed Marine China, which uses a blockchain platform, to circumvent international sanctions. The report also states that North Korea has undertaken ‘spear-phishing’ attacks against 17 countries, resulting in USD 2bn in losses.
How can enterprises safeguard their networks from cybercrimes? Learn more about cybersecurity threats and the way to protect your enterprise from this evolved menace at the upcoming Cybersecurity & Cloud Expo 2020 in Olympia, London.