Why Site Cloning?
Site cloning is a popular tactic among phishers: a login portal is cloned, hosted on a threat actor’s server, and modified slightly so that whatever a user types in for the username and password is sent back to the attacker. Alternatively, the threat actor could include an exploit on the cloned site that they believe would be effective. Email portals, remote access portals, social media login portals, and anything else a user may log in to are good choices.
Why Documents with Malware?
Malware within electronic office documents is another popular tactic among phishers: a purportedly legitimate document contains malicious code that triggers either when the user opens the document or when the user enables macros after opening it. Macros and recent exploits for Microsoft, Java, Adobe, and other common third-party products are used to conduct successful phishing campaigns.
How IT Can Help
An organization’s IT department uses education, technology, and policies to limit the damage of phishing attempts that succeed. In addition, IT should work to prevent phishing attempts from the start. Here are some of the methods and tactics an IT department should have in place.
- Multi-Factor Authentication—All remotely accessible services that are facing the Internet should be secured with multi-factor authentication.
- Employee Awareness—All employees should be regularly educated to raise their awareness of phishing attacks and what they look like.
- Assessment of Training Effectiveness—Employees’ level of awareness can be assessed by conducting regular phishing campaigns internally or through a third party.
- Keeping Systems Patched—In the event of a successful phishing campaign, having systems patched is critical to preventing the initial foothold of a threat actor.
- Spam Detection—While not a cure-all, an email gateway with spam detection capabilities will have an impact on the amount of spam and phishing attempts that reach each end user.
- Limit Access/Least Privilege—Users need access to do their jobs, but many companies suffer from access creep, or allotting more permissions than an employee needs to do their job effectively.
- Visual Indicators for Employees—Additional visual cues should be in place to assist employees in identifying phishing attempts.
LBMC Information Security’s team of experts stands ready to help organizations armor up with a wide range of security services, including the execution of phishing attacks. Contact us today to learn more about our phishing services, which are intended to assess the effectiveness of internal corporate security training and of the security controls in place if a threat actor were to gain access.