Threat Intelligence Blog

Posted July 30, 2015



Author: Tim Vert

We read so much in the news these days about the financial cost, brand erosion, and reputation damage that comes with data breaches at companies both large and small. In the midst of all the activity to make sure that your assets are as impenetrable as possible, people sometimes forget that one of the leading causes of breaches is a successful phishing attack against a company’s employees.

A phishing, or social engineering, attack is an attempt by a threat actor to acquire confidential information through any form of interaction with a victim. One form of phishing is spearphishing, in which a hacker targets a specific individual – usually under the pretext that they have legitimate business to conduct – to acquire sensitive information from them or to deliver malware that then enables the criminal to infiltrate the victim’s network. While educating and training your employees to take caution with their online activities is one of the best ways to stop breach attempts, much more can be done to detect, or even block, phishing and spearphishing campaigns before they can do any damage.

Here are five preventative measures you and your employees can take to protect yourselves against phishing attacks:

1. Abuse email monitoring: If you see something, say something. We hear this all the time when it comes to security for planes and trains, and the same advice should be followed when it comes to your communications. If you receive a suspicious email or phone call, don’t hesitate to report it. Although you may know not to respond, another employee may fall for the scam. You will save your company time and money from having to combat the fallout of a compromised system.

Organizations should have a designated email address or phone number for employees to contact if they need to report any strange incidents. Other proactive steps you should take are to collect all reports in one place so attack trends can be spotted easily, and to have a system that monitors suspicious activity 24/7 and can react quickly regardless of the threat.

2. Dead email box monitoring: It is likely that your company has a ton of email addresses from former employees that are no longer active, but may still be listed on websites in the open source (or in spammer/phisher databases). Consequently, those accounts may still receive junk email. Instead of ignoring the emails sent to these non-active addresses, you should monitor them as they could be receiving emails from bad actors. These pre-made honey-pots are a great early detection source for spearphishing threats against your current employees.

3. Domain registration monitoring: In many cases, one of the first signs of an impending social engineering attack is the registration of a domain name that closely resembles a company’s brand. That domain name can then be used to set up webpages and send emails that impersonate the real thing. Monitoring domain name registrations can alert you when a domain name similar to your brand name is registered, allowing you to identify and remove these domain names before they can negatively impact your brand.

4. DMARC configuration assistance and monitoring: A common phishing or spamming tactic is spoofing an email’s “From” field. This allows the threat actor to make the email look like it’s coming from anywhere or anyone – typically a trusted source. Using Domain-based Message Authentication, Reporting & Conformance (DMARC) to identify and block emails spoofing your brand will quickly make you a much harder target for these sorts of impersonations. DMARC is a free and simple technical specification that will help you take control of the use of your brand by unauthorized parties, something to which you may otherwise be blind.

5. Web log monitoring: When creating false websites, many phishers will save time by only building a few impersonating web pages and then linking those to your legitimate ones. These fake pages will appear in your web server logs as referrer URLs linking into your site. Monitoring for these instances in your website logs allows you to find and take down malicious sites even while they are being created. Always make sure you’re running the latest version of your content management platform, and that vulnerabilities are patched so that no one can easily hack into your website.
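For measure 3, one way to screen a feed of newly registered domains for names that resemble your brand. This is an added example, not code from the original post; the brand `examplebank`, the owned-domain list, the feed and the small homoglyph map are constructed assumptions.

```python
# Added example. The brand, owned domains and feed are constructed sample values.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # small illustrative map

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_label(domain):
    """Naive: the label left of the TLD. A production monitor should use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def classify(domain, brand, owned, max_distance=1):
    """Return why `domain` resembles `brand`, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in owned:
        return None
    name = registrable_label(domain)
    folded = name.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    if name == brand:
        return "brand registered under another TLD"
    if folded == brand:
        return "homoglyph substitution"
    if brand in folded:
        return "brand embedded in a longer name"
    if edit_distance(folded, brand) <= max_distance:
        return "typo within edit distance %d" % max_distance
    return None

def scan(feed, brand, owned):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    reasons = {d: classify(d, brand, owned) for d in feed}
    return {d: r for d, r in reasons.items() if r}

BRAND = "examplebank"
OWNED = {"examplebank.com"}
FEED = ["examplebank.com", "examp1ebank.com", "examplebank-secure.net",
        "exmplebank.org", "examplebank.co", "gardening-tips.com"]

if __name__ == "__main__":
    for domain, reason in scan(FEED, BRAND, OWNED).items():
        print(domain, "->", reason)
```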
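For measure 5, a sketch of the referrer check over combined-format access logs, ranking unknown hosts that load your images or stylesheets ahead of hosts that merely link to a page. This is an added example, not code from the original post; the host names, the allowlists and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format: ... "METHOD path proto" status bytes "referrer" "agent"
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
ASSET_EXT = (".png", ".jpg", ".gif", ".svg", ".ico", ".css", ".js")

def external_referrers(lines, own_hosts, known_hosts=frozenset()):
    """Group requests by unknown referrer host, split into embedded assets and page links."""
    report = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        path, referrer = m.groups()
        try:
            host = (urlsplit(referrer).hostname or "").lower()
        except ValueError:
            continue  # malformed referrer URL
        if not host or host in own_hosts or host in known_hosts:
            continue  # direct visit, our own pages, or a referrer we already trust
        entry = report.setdefault(host, {"assets": set(), "pages": set(), "urls": set()})
        kind = "assets" if path.split("?")[0].lower().endswith(ASSET_EXT) else "pages"
        entry[kind].add(path)
        entry["urls"].add(referrer)  # the referring page is what a takedown request cites
    return report

def rank(report):
    """Hosts embedding our assets come first: they render our brand on their own page."""
    return sorted(report, key=lambda h: (-len(report[h]["assets"]), h))

OWN = {"www.examplebank.example"}   # constructed
KNOWN = {"search.example"}          # constructed allowlist of expected referrers
SAMPLE_LOG = """\
198.51.100.7 - - [30/Jul/2015:10:00:01 +0000] "GET /static/logo.png HTTP/1.1" 200 5120 "http://examplebank-login.example/secure/login.html" "Mozilla/5.0"
198.51.100.7 - - [30/Jul/2015:10:00:01 +0000] "GET /static/site.css HTTP/1.1" 200 880 "http://examplebank-login.example/secure/login.html" "Mozilla/5.0"
198.51.100.9 - - [30/Jul/2015:10:02:13 +0000] "GET /help/forgot-password HTTP/1.1" 200 2301 "http://examplebank-login.example/secure/login.html" "Mozilla/5.0"
203.0.113.20 - - [30/Jul/2015:10:03:40 +0000] "GET /about HTTP/1.1" 200 4410 "https://news-blog.example/post/42" "Mozilla/5.0"
203.0.113.21 - - [30/Jul/2015:10:04:02 +0000] "GET /static/site.css HTTP/1.1" 200 880 "https://www.examplebank.example/" "Mozilla/5.0"
203.0.113.22 - - [30/Jul/2015:10:05:55 +0000] "GET / HTTP/1.1" 200 7002 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    found = external_referrers(SAMPLE_LOG.splitlines(), OWN, KNOWN)
    for host in rank(found):
        print(host, sorted(found[host]["assets"]), sorted(found[host]["pages"]))
```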

As threats continue to evolve and come from a variety of sources, many companies don’t have the resources to incorporate all of the above tips into their security strategy. The key is finding a service designed to keep an eye out for bad actors targeting not only your brand, but also your employees.

Cyveillance can provide 24/7 monitoring of domain name registrations, as well as any feed, email, or weblog for malicious phishing content. Contact us if you would like more information on our proprietary Anti-Phishing solution or Domain Registration Monitoring service.
