If we learned anything from 2021, it’s that it’s almost ALWAYS a phish and crafty threat actors continue to adjust their tactics and methods to capitalize on world events at lightning speed. From the return of Emotet to the rise of Business Email Compromise (BEC), threat actors took aim at organizations of all sizes and types, bringing new trends to the phishing threat landscape in 2022 that managed service providers need to know to better protect themselves and their customers.
MSPs See A Rise In Credential Phishing Attacks
MSPs benefit by adopting a “Cloud First” strategy and continue to migrate to Microsoft O365 to better serve their clients. During 2021, Cofense data showed a 10-percentage point increase in credential phishing attacks related directly to cloud services. To lure users into logging into fake sites, attackers impersonate well-known brands and logos and present them as legitimate.
Certain brands are more likely to be targeted. The data shows attackers are utilizing a combination of trusted and familiar brands and well-crafted requests to get what they need from unsuspecting victims. Across all emails scrutinized, the top-detected brands include Microsoft; specifically, Account Notifications, as well as emails mentioning SharePoint and OneDrive. And these “brands” are among several others your clients use frequently.
The fake brands and logos can be pixel-perfect and not easy to detect by busy humans. What is needed is a combination of technology and human conditioning to combat credential phishing. Only artificial intelligence (AI), such as computer vision, can inspect the logos and compare them to the ultimate destination URL, giving technology more data points to determine if an email is a phish.
Links in HTML Attachments Are Replacing Malware
There are fewer malware file-based phishing campaigns as attackers focus more on credentials. These sophisticated attacks use malicious URLs which may appear in an HTML attachment downloaded locally. During 2021, Cofense recognized a 150% growth rate in HTML attachments in phishing attacks. This represents about 30% of all credential phishing attacks.
Clearly, threat actors know that many tools, including anti-virus and Secure Email Gateways (SEGs), can detect most file attachments, so they focus instead on HTML attachments -specifically inline HTML attachments which can be seen and interacted with directly from the body of the email.
Unfortunately, these URLs are often missed by traditional email security including SEGs. While a SEG serves its purpose to remove known threats from your users’ inboxes, none are 100% secure when it comes to unknown threats. And the data shows techniques to evade automated URL analysis have improved, resulting in more emails getting through.
Added to this, attackers increasingly employ CAPTCHA-protected phishing sites to create a sense of legitimacy. Because of this, rapid detection and response to threats has never mattered more. When malicious emails reach the inbox, the chance of at least one click remains high. What are you doing to protect your business from a breach?
No one wants active links left alive in a phishing email, even if it gets moved to the junk folder. MSPs need a technology solution which detects these attacks in real-time, and then deactivates the malicious links so they are no longer a threat.
It Starts With The Human
The 2022 Annual State of Phishing Report highlights the human element as a key factor from two perspectives: First, humans have shown increased susceptibility to BEC. And humans benefit greatly from training and become more resilient to attack when an effective Security Awareness and Training regimen exists.
BEC does not rely on malicious URLs or malware, and there is nothing to install which requires reliance on the human since there is no SEG which can detect it. BEC attacks are conversational-based and in 2021, BEC trended toward direct deposit scams, gift card fraud, and invoice scams, accounting for billions in losses around the world.
For example, an employee may get a request to make a change in payroll routing and to supply personal information. Or their “CEO” asks them to run an urgent errand and obtain some number of gift cards. If a previous email chain is hijacked, the user sees the existing emails in the chain and is then at a disadvantage to discover the attack. Again, using AI’s ability to interrogate multiple signals in a BEC attack email gives MSPs back the advantage they need to detect and neutralize this threat.
Finally, your human clients are a great asset in preventing attacks if they are trained to look at the right elements of an email. The most effective programs deliver phishing simulations and security courses during the months of the year on a regular cadence. By offering email protection and training together, MSPs have an opportunity to present a strong email security brand, distinguishing themselves from other MSPs in the marketplace.
MSPs need fewer tools, not more. Having access to a comprehensive email security solution that can offer phishing protection, simulations, and training courses through one multi-tenanted UI is crucial to ensure they can focus on their business – knowing they are actively protecting themselves and their customers. Learn more about the real-time phishing detection and user training offered together with Cofense Protect MSP.
For more information, download the 2022 Annual State of Phishing Report and sign up for our monthly webinar series to learn how you can help your customers avoid a breach from the phishing threats that are targeting MSPs around the globe.
Rich Keith is senior product marketing manager at Cofense. Read more Cofense guest blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
