Phishing has evolved quite a bit from the days of attacks on individual bank accounts. Although those attackers might still be around, attackers now more commonly work for well-funded criminal organizations planning major data breaches aimed at organizations. These plots can still include stealing bank information, but may also include stealing company secrets, engineering plans or research data. These cyber attackers typically gain an initial foothold on a corporate network and then move around looking for the information they want. The method of phishing hasn’t changed, just the tactics used once an individual is being phished. Now, instead of a person being sent to a fake website that harvests their personal data, individuals are opening attachments containing malware that records their keystrokes so that the attackers can steal their username and password credentials. These attackers then use the stolen credentials to log back in to the corporate network to have a look around.
Frequently, the attacker uses the compromised account to send an infected email to another employee, with the intent of harvesting their credentials as well. Tech-savvy employees may be smart enough to avoid opening an attachment from someone they don’t know, but when an infected email comes from a trusted employee, it is very hard to detect and to avoid opening. Now these attackers are able to harvest more usernames and passwords, some of which can carry a higher access level, allowing them to find additional data in a network.
Fun Fact About Phishing
In organizations, 3 departments tend to fall for phishing attempts more frequently: Communications, Legal, and Customer Service.
According to the Verizon Data Breach Investigation Report 2015, 23% of recipients are opening phishing message attempts and 11% of these individuals click on the attachments. From those statistics, 50% of victims open e-mails and click on phishing links within the first hour of the e-mail being deployed. To break it down even further, these e-mails were opened within one minute of being received. How are organizations supposed to defend their networks against phishing attempts that happen that rapidly? The simple answer: they can’t.
Although there is no way to stop attackers from phishing your organization, you can take steps toward preventing the attackers from using stolen credentials and getting into your network. With SecureAuth IdP you can detect when someone is trying to use stolen credentials to access your applications with features like Adaptive Authentication and Device Fingerprinting.
To learn more about SecureAuth IdP or how to prevent compromised credentials from being used against your organization, check out our white paper Preventing Attackers From Getting What They Want: A Case for Context-Based Authentication.