Next-generation phishing attacks use surprise delivery methods to steal data

Netskope, a Secure Access Service Edge (SASE) specialist, has released new research showing how the proliferation of cloud applications is changing the way threat actors deliver phishing attacks to steal data.

The Netskope Cloud and Threat Report provides information on trends in phishing delivery methods, including fake login pages, rogue third-party cloud apps designed to mimic legitimate apps, phishing targets that host fraudulent content, and more.

While email is still the primary mechanism for delivering phishing links to fake login pages that capture usernames, passwords, MFA codes, and other information, the report shows that users are increasingly clicking phishing links that arrive through other channels, such as personal websites, blogs, social media, and search engine results. The report also details the rise of rogue third-party cloud applications designed to trick users into granting access to their cloud data and resources.

Phishing comes from all directions

Webmail services such as Gmail, Microsoft Live, and Yahoo, traditionally considered the biggest phishing threat, accounted for 11% of phishing attacks. Personal websites and blogs, especially those on free hosting services, were the most common referrers to phishing content, accounting for 26%. The report identifies two main methods of phishing referrals: malicious links posted as spam on legitimate websites and blogs, and websites and blogs created specifically to promote phishing content.

Referrals from search engines to phishing pages have also become common, as attackers weaponize the information gap by creating pages centered around uncommon search terms and becoming one of the top results for those terms. Examples identified by Netskope Threat Labs include how to use specific features of popular software, quizzes for online training, user guides for a variety of business and personal products, and more.

Ray Canzanese, director of threat research at Netskope Threat Labs, said: “As business staff are trained to spot phishing messages in emails and text messages, threat actors can adjust their methods and entice users to click on phishing links in other, unexpected places.

“We don’t think about the possibility of phishing attacks while surfing the Internet or on our favorite search engines, but we should all be as vigilant and suspicious as we are with incoming e-mails, and never enter credentials or confidential information on a page after clicking on a link. Always go to login pages directly.”

The rise of rogue third-party cloud applications

Netskope’s report highlights another key phishing method: tricking users into granting access to their cloud data and resources through fake third-party cloud apps. This early trend is particularly noteworthy because access to third-party applications is ubiquitous and highly vulnerable to attack. On average, enterprise end users grant more than 440 third-party apps access to their Google data and apps, and an organization has 12,300 different plugins accessing data, an average of 16 plugins per user. More than 44% of third-party apps that access Google Drive have access to sensitive information or to all data on a user’s Google Drive, which gives criminals an incentive to create fake third-party cloud apps.

“The next generation of phishing attacks is upon us. The distribution of cloud apps and the nature of their usage is changing, starting with Chrome extensions or app add-ons, requiring users to access what has become an overlooked attack vector,” Canzanese added. “This is something that our customers are closely monitoring. We expect these types of attacks to increase over time, so organizations should ensure that they limit or block new attack paths, such as OAuth authorizations. Employees should be aware of these attacks and check authorization requests, just as they check emails and messages.”

As part of the report, Netskope Threat Labs includes steps organizations can take to identify and control access to phishing sites or applications, such as deploying a Security Services Edge (SSE) cloud platform with a Secure Web Gateway (SWG), enabling zero-trust principles for least privilege and continuous monitoring of data access, and using Remote Browser Isolation (RBI) to reduce the risk of browsing newly registered domains.

Additional key findings from the report include:

  • Employees continue to click on malicious links and become victims. It is widely understood that it only takes one click to cause serious damage to an organization. While corporate phishing awareness and training are increasingly common, the report found that an average of eight out of every 1,000 enterprise end users clicked on a phishing link or attempted to access phishing content.
  • Users are lured by fake websites designed to mimic legitimate login pages. Attackers host these websites primarily on content servers (22%), followed by newly registered domains (17%). Once users enter their personal information into a fraudulent site, or allow it access to their data, attackers can obtain usernames, passwords, and multi-factor authentication (MFA) codes.
  • Geographical location plays an important role in the rate of phishing attacks. Africa and the Middle East were the two regions with the highest percentage of users exposed to phishing content. In Africa, the proportion of users exposed to phishing content is above average at 33%, and in the Middle East it is twice the average. Attackers often use fear, uncertainty, and doubt (FUD) to create phishing scams and also attempt to capitalize on big news. In the Middle East in particular, attackers appear to be succeeding in creating confusion about the political, social, and economic issues affecting the region.
