October 22, 2020
Phishing attacks rely on different informational aspects, ranging from personal to political. Even the current COVID-19 pandemic is seen by tattackers as an opportunity to gain financial benefits. As the public is extensively relying on digital media for information and advice about this pandemic, they unknowingly tend to fall victim to phishing attacks designed by threat actors. For example, utilizing the latest news bytes to lure victims into clicking on malicious links and downloading attachments, which install malware onto their systems. The number of steps involved in these processes differs concerning the type of phishing attack. The most advanced methods involve the use of artificial intelligence (AI), which could record and analyze the voice pattern of the head of an organization and recreate a call with unlimited responses to authorize and order an immediate transfer of a huge sum of money.
The reason for any hacker to attempt a cybercrime may vary from being financially motivated to being state-sponsored, where the former contributes to 71% of the total cases. The top three industries that are the most affected by phishing are public, information, and financial services. As described earlier, phishing attacks are merely the first stage of a sophisticatedly designed larger attack, and the follow-up attacks like malware deployment, ransomware, etc., form an important part of the cyberattack. Nevertheless, the ability of these follow-up attacks to deal with the damage to a system depends upon the success of a phishing attack. Thus, it is not uncommon to see Google block more than 100 million phishing emails each day as hackers try to steal sensitive information and deploy malicious software.
Based on the different modes it utilizes and the different methods involved, any phishing attack could be classified into one of the below categories:
1. Spear Phishing
This type of phishing involves customized emails/campaigns, tailor-made to match the interest of a specific target to make it seem more relatable and less suspicious. To attempt this, a thorough reconnaissance is required on the part of the attacker to obtain as much information as possible related to the victim. The usable information from the reconnaissance can include aspects such as names and emails of people, whom the target is familiar with, to give the target a false belief that they know the origin of the mail.
This type of phishing involves SMS phishing (thus, named Smishing). This is more common with mobile-based phishing attacks. It is one of the oldest and commonly known scams where the threat actor lures the lesser educated victims via lottery schemes.
Whaling is a type of spear phishing attack that targets a probable victim who could yield larger financial gains. For example, senior executives and other high-profile people whose level of trust, access, and authority is higher within an organization, such as C-Suite executives. The above-described example of the use of AI could also be classified in this category.
4. Clone phishing
Clone phishing could exclusively be defined as an email-based phishing attack that involves extensive reconnaissance, and the phishing being email is developed upon its output. For example, a previously delivered legitimate email between two parties, if leaked, could have its contents used to create an identical or cloned email. The attachment or link from the previous email is then replaced with malicious URLs or attachments and then sent to the target from an email ID containing a similar domain address as that of the original counterpart. This mail would generally appear as a resend of the original or follow-up.
5. Uplink manipulation
Link manipulation is a part of most of the classic phishing mails, where the original link in the mail is replaced by a malicious one. This could also be further developed into website forgery. Misspelling the URLs or using subdomains is commonly used in the phishing process, and the major part of the link is kept intact. The attack crashes onto the common human habit of not reading the complete link and its decryption.
6. Filter evasion
Phishing emails need to bypass mail filters (also known as spam filters) that generally mark them as spam and move them to trash/spam box. Some of the less sophisticated evasion methods involve the use of images embedded with malicious links, instead of text, hence making it harder to detect them, as basic spam filters rely on distinct (spam) words in their repository to recognize and classify whether a mail is genuine or spam.
7. Website forgery
8. Covert redirect
Covert redirect is a more sophisticated and evolved form of website forgery that makes use of a legitimate website at initial stages, but eventually redirects the user to a malicious website. Sometimes the malicious browser extensions/cookies are used to redirect users to phishing websites covertly. This is only possible if the attacker has already gained control of the actual webpage.
9. Social engineering
Though social engineering is a wide topic, the degree of its use in phishing attacks has led it to being classified as one of its many types. Social engineering uses psychological manipulation to trick a person into divulging sensitive information through a malicious link or downloading an attachment. For example, the recent COVID-19 pandemic has aroused the interest of many people in reading news and updates related to healthcare. As a result, many threat actors have developed fake news, blogs, health updates, or maps to lure people into clicking those links.
10. Voice phishing
Not all phishing attacks require a fake website or email. Calls that claim to be from a bank or a legitimate organization prompting the users to reveal their sensitive and financial damaging information such as account numbers, PIN, password, etc., could be termed as voice phishing or Vishing. As described above, the use of AI has made some jaw-dropping advances in this topic.
How common are phishing attacks?
The year 2019 saw a sharp increase in these attacks, and reports state that 94% of malware was delivered via email. A spike in phishing cases and the corresponding hacker activity was noted in comparison with those previous years. As phishing attacks are not in malware themselves, the ability of cybersecurity tools and techniques drops sharply, as the latter is predicated on the technical concepts and functioning of cyberattacks and is engineered to find and provide technical solutions. Let us consider the basic example of spam filters that are based on and utilize Bayes theorem (like Naïve Bayes spam filter) to determine the probability of a particular mail being spam. The filter matches the words in the mail against the words generally used for spam emails and based on its match percentage declares the authenticity of the mail. However, the same could not be said for phishing emails, as we have described earlier that spear and clone phishing is designed sophisticatedly to appear legitimate.
With the coronavirus pandemic affecting everything and everyone from individuals to major corporate firms, its impact upon the cybersecurity landscape cannot be ignored. Many regional and global cybersecurity institutions have reported a spike in cybercrime throughout the globe. A sharp rise in multiple phishing cases and hacker activity has been noted during the global strike of the novel coronavirus.
These attacks imply that the threat actors tend to exploit such situations to satisfy their financial gains or other malicious cause. The current COVID-19 pandemic is being exploited by these attackers to cash onto the fear and curiosity of people to spread false and misleading information.
Though the occurrence of phishing was not uncommon before the havoc of COVID-19, now that many organizations are busy combating the spread of this pandemic, threat actors are trying to exploit the constrained manpower and resources committed to combating cyberattacks. Cybersecurity is also dependent on many other branched sources and processes to form a network of security operations; thus, even the closure of any one vertical will hit the efficiency of the entire network. Currently, the major sector that is being targeted is the business sector which is already slumping due to market conditions. In many countries, due to the lockdown and self-quarantine rules, employees are working remotely and are away from the organization’s security infrastructure. These endpoints are vulnerable to phishing emails, as generally there would exist many security measures against phishing that an organization would normally incorporate into its security infrastructure, but during this crisis, many organizations and government bodies majorly focus their attention towards fighting the spread of the disease. Hence, the manpower and resources committed to cybersecurity are stretched thin, and like any other business process, cybersecurity is also dependent on many other branched sources and processes to form the network of the security operation, the closure of even one vertical will hit the efficiency of the entire network.
Irrespective of the available security measures in place, even a well-secured network could still be hacked if the user himself is not aware of cybersecurity threats and its preventions. Looking at the examples above wherein the phishing attacks prompted users to log into the malicious OneDrive, hence siphoning their username and password to access their system. Once the phishing attack is successful, the credentials for both cloud and VPN could be obtained easily by dropping sniffers and decryption tools into the user’s system. Where the sniffers try to search for logs or files in which the credentials might have been stored, and the decryption tools try to work on the weak symmetric ciphers. Thus, supporting the point of security experts who believe that the users are the first line of defense to combat phishing attacks.
Ass discussed earlier, the mitigation of phishing attacks cannot be based solely on technical solutions and needs a more flexible and robust solution. As the user could be considered as the first line of defense against any cyberattack, the knowledge on how to tackle phishing attacks is the most prominent. The measures that can help individuals and organization prevent phishing could be listed as:
Only knowing about phishing theoretically may not be entirely sufficient; even if a person knows that email phishing is done via sending malicious/spam emails, the individual may not be able to differentiate between a benign and malicious email when faced with an actual phishing email. Thus, it is important to have practical experience in dealing with phishing attacks.
A. Spear phishing is a targeted attack that requires detailed research on the victims before sending a customized email or text.
Phishing simulations help employees to understand how to identify the early warning signs of a malicious email.
There exists many tools and applications that could help in avoiding Phishing. Also, being skeptical of requests for personal information, whether you receive them via email, messenger, text, or phone call, is a must.