Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

Phishing Techniques in Disguise: What to Look for And Why You Should By By Rotem Shemesh, Lead Product Marketing Manager, Security Solutions, at Datto Phishing is a familiar concept to cybersecurity professionals - and hackers. According to a recent study, phishing attacks are the method of choice of cyber criminals attempting to infiltrate an organization. Why? Because they are easy to deploy and the opportunity for human error when clicking on a phishing email is high. When many of us hear the term “phishing” we may picture an obvious spam email that came from an easily recognizable fake email address. But it isn’t always that simple to spot a phishing attempt. It’s important to educate organizations on ways to avoid falling victim to phishing attempts, including how to identify the different shapes they can come in. Recently, Datto SaaS Defense detected a threat that was disguised as a communication hosted on a trusted domain, which enabled the attackers to operate below the radar of detection. New technique bypasses security detection This new phishing technique included two key elements that made it impossible for most security solutions to detect. The attack leveraged Adobe InDesign hosting reputation to hide a malicious link in an inframe. With the goal of harvesting users’ credentials, the attack was sent via email to lure users into clicking a link to access a shared document. The link directed people to a fake webpage designed using Cyber Defense eMagazine – March 2022 Edition 74 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
InDesign and uploaded to indd.adobe.com, a legitimate URL. Hosting a phishing attack in a known URL is not uncommon, but this was the first time we saw it done in InDesign. The InDesign domain also has certain characteristics that enabled the bad actors to conceal the malware; the link was hidden in an image (something that is possible in InDesign) and therefore was not identified as a URL when scanned by many security solutions. This masking technique enables attackers to avoid raising suspicions and bypass many email detection measures. This was the first time this type of technique was confirmed as a phishing attack; luckily, it was uncovered before causing serious damage. But, this new type of threat shows just how constant - and dangerous - the evolution of the cybersecurity landscape is. Cyber criminals are, unfortunately, usually one step ahead of their targets, and it’s critical to stay up to date on the latest techniques being used to best protect yourself and your organization. To build a strong cyber detection and prevention plan against phishing attempts, there are many steps companies can, and should take. Prepare for the worst So, what are companies or security-based solutions supposed to do when faced with a tricky challenge like this one? The first step is to ensure your organization has the most up-to-date and advanced security protections in place. Basic email security is not enough - it’s critical to have a security platform in place that can detect more advanced and emerging phishing techniques, especially the ones that have not yet been discovered or even developed. It’s also more important than ever that organizations adopt an assumed breach mentality: plan for when a cyber attack will happen, not if. Remote work and increased use of cloud-based SaaS platforms are essentially invitations to bad actors. As useful as these technologies are, it opens up gaps for malware to enter a system when you least expect it. Implementing security solutions to help with detection and prevention are important, but it’s even more necessary to develop cyber resilience in your company. A strong cybersecurity approach is one that starts with an assumed breach mentality within an organization, and ends with building a cyber resilience foundation. Cyber resilience is not a product or attitude, but rather an ongoing journey with an evolving mindset to grow as new threats and technologies continue to emerge. Together with an assumed-breach, cyber-resilient culture, your company will not only be prepared for the next vulnerability around the corner, but also will have the ability to respond and quickly recover from an adverse cyber event. In an ever-changing digital environment, security can no longer afford to be afterthought. It is the responsibility of each organization to ensure that when a threat emerges, they are able to minimize the risk to prevent the attack from growing and wreaking havoc on themselves or others, such as their customers. It is too easy for cyber attacks to quickly spread and have a ripple effect that can impact thousands. As dangerous cyber criminals become smarter, we must too, and take the proper steps to fight back. Cyber Defense eMagazine – March 2022 Edition 75 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s March 2022 Issue
Page 9 and 10:
Cyber Defense eMagazine - March 202
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
level of concern while working remo
Page 21 and 22:
The Fragility of a GPS Centric Worl
Page 23 and 24: Formerly known as LOng-RAnge Naviga
Page 25 and 26: The Role of The CFO In Enterprise C
Page 27 and 28: Help them mitigate potential risks
Page 29 and 30: The Safest Ways for Bitcoin Trading
Page 31 and 32: and clear instructions through a "N
Page 33 and 34: According to Cybereason’s “Rans
Page 35 and 36: If you implement these three tips,
Page 37 and 38: • Nearly half of zero-day malware
Page 39 and 40: Don’t Become a Horrible Headline:
Page 41 and 42: pandemic era. By empowering profess
Page 43 and 44: Have We Learned from Our Past Mista
Page 45 and 46: internet, etc. How much training is
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73: Directed analytics allow these insi
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95 and 96: 5 Ways Cybersecurity Will Change In
Page 97 and 98: #3: Supply chains will be the big r
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103 and 104: Too Hot to Handle:The case for Zero
Page 105 and 106: Critically, endpoint security only
Page 107 and 108: To prevent lateral movement attacks
Page 109 and 110: Redefining Resilience in The New Wo
Page 111 and 112: About the Author Andrew Lawton is C
Page 113 and 114: Cyber Defense eMagazine - March 202
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
CyberDefense.TV now has 200 hotseat
Page 137 and 138:
Books by our Publisher: https://www
Page 139 and 140:
show all

Cyber Defense eMagazine March Edition for 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?