Multi-Layered Approach to Phishing Protection

According to multiple agencies, including IBM, Verizon, the Anti-phishing Working Group, and others, phishing-related cyberattacks have hit an all-time high. According to a 2023 threat landscape report by EU security agency ENISA, phishing remains the top vector. The reason for the deluge of phishing attacks comes down to one thing - the malicious technique promises success for cybercriminals. However, to maintain this success, phishing attackers must continually up their game to adjust tactics to circumvent technological measures that detect phishing. As a result, phishing has become a highly sophisticated, complex attack method incorporating social engineering, believable fake websites, multiple attack chain elements, and effective evasion tactics.

The cybercriminals behind phishing understand the war of attrition between themselves and security vendors attempting to prevent their attacks. But the game is changing, and a new breed of multi-layered email security and protective measures to detect and avoid phishing is here.

The Complex Nature of Advanced Phishing Attacks

To understand why a multi-layered approach to email security is needed, we need to look at some examples of how these complex phishing attacks typically work:

Dridex malware has been in the wild for over ten years. However, the cybercriminals behind the malware always look for improvements in evasion techniques. New releases of Dridex often enter the threat landscape; there are an estimated 67 variants of Dridex. Dridex malware is used to steal credentials and target bank accounts. A favorite technique to deliver Dridex is using a phishing email. The email contains either a malicious link or an infected document. Dridex phishing email content can take many forms, and infected files vary and include Word and Excel files, compressed files, and may consist of hidden macros that, when activated, make calls to a command-and-control server, FTP server, or cloud site to download the Dridex malware. Dridex is highly successful, being the fourth most prevalent malware strain 2021. Dridex has recently been used to deliver ransomware and target MacOS. 

Storm-0324, identified by researchers at JUMPSEC, is another email-based threat, but this time, the attackers used Microsoft Teams to connect with a target. Microsoft has identified attackers using an open-source tool to send phishing messages to Team users. Storm-0324 is an initial access broker (IAB) known to be used in ransomware attacks. Socially engineered chat messages typically contain links that encourage readers to click, for example, a lure to an invoice or payment. The individual is then taken to a SharePoint site that has the payload.

Multi-Channel Phishing is a phenomenon that uses multiple channels to phish users. A recent Cloudflare report states, "Firms are increasingly vulnerable to multi-channel phishing, which targets users in channels beyond email." The report describes how attackers may begin the attack using email but then move the user to SMS texts, IM, social media, or cloud apps to circumvent conventional anti-phishing tools.

Cybercriminals go to great lengths to devise complex and multi-part phishing attacks. The attackers also change tactics continually to evade detection, stopping at nothing to ensure their cyberattack is successful. This makes phishing attacks challenging to prevent.

The answer is to fight fire with fire and use a multi-layered approach to phishing prevention.

Firms are increasingly vulnerable to multi-channel phishing, which targets users in channels beyond email.

Cloudflare

The Six Layers of Phishing Prevention

The following strategies are part of a whole-problem solution to phishing prevention. Using a single layer or even one or two layers will afford some protection against phishing. Still, protecting employees and your company against the persistent social engineering prevalent in advanced phishing attacks is not enough. Here are the essential six layers needed to prevent cyberattacks initiated by phishing:

Layer One: Robust Authentication

Multi-factor authentication (MFA) is a baseline layer of protection that helps if an employee is successfully phished. Even if an attacker steals login credentials, they cannot access the account because another layer of authentication is required to achieve access. However, MFA should be seen as a layer, not a panacea, as some recent cyber-attacks have been able to circumvent MFA under certain conditions.

Layer Two: Security Awareness Training

According to the Data breach Investigations report, human error is one of the main reasons data is breached. Human error takes many forms, from clicking a phishing link to navigating to malicious websites to sharing passwords and even misconfiguration of software apps. Security Awareness Training is used to educate employees about all of the ways that security breaches occur. Education typically includes interactive videos, quizzes, and tests to create a positive learning experience. Advanced Cybersecurity Awareness Training, like SafeTitan, is behavior-driven, focusing on changing risky security behavior to reduce the likelihood of a successful phishing attack. SafeTitan provides interactive, real-time interventional training to ensure employees understand what can happen when they demonstrate risky security behavior.

Layer Three: Phishing Simulations

Security Awareness Training is enhanced by using the in-practice techniques of phishing simulations. A phishing simulation platform is often part of a Security Awareness Training, like SafeTitan. Simulated phishing is a controlled exercise where fake phishing emails are sent out to employees to help train them to spot phishing signals. Essential aspects of simulated phishing campaigns are:

Phishing campaigns that reflect real-world phishing attacks; automation capabilities built to provide regular phishing training for employees; and metrics to provide feedback on the success of a phishing simulation campaign. Metrics allow you to tailor regular sessions to improve phishing recognition rates. SafeTitan provides automated and configurable phishing simulations that reduce employee phishing susceptibility by 92%.

Layer Four: Zero-Day Protection

One of the notable elements of a complex phishing attack is that many are unknown or emerging. This presents a unique problem in detection. A phishing protection solution must have the ability to detect zero-day threats. As an unknown, a Zero-day threat does not match any known signatures; signature detection is a typical method used by conventional email security gateways. Instead, anti-phishing solutions must be AI-driven. Artificial intelligence engines within an advanced anti-phishing solution are trained on millions of data points. This training allows the AI engine to predict and detect even zero-day threats. Also, these advanced email security solutions, like PhishTitan, will incorporate other AI-related techniques, such as Natural Language Processing (NLP), to detect social-engineering-based and multi-part phishing emails, such as clone phishing.

Layer Five: DNS Filtering

Comprehensive DNS filtering is a vital layer in phishing prevention. DNS filters prevent employees from navigating fake websites by creating a ‘blocklist’ of URLs. If an employee attempts to navigate to a malicious IP address by clicking on a malicious link in a phishing email, the DNS filter will stop the attempt. Advanced DNS filter, WebTitan, uses a massive “threat corpora” to train human-supervised Machine Learning algorithms. WebTitan’s AI-powered DNS Filter captures known malicious URLs and can detect emerging URLs. AI-enabled DNS filters prevent navigation to a malicious URL, including newly registered URLs and zero-day threats. A DNS filter also detects phishing using mistyped URLs (typosquatting/URL hijacking), as cybercriminals exploit common typos by buying domain names.

Layer Six: Scalable Protection

Modern phishing attacks are complex and multi-art. They use a mix of mechanisms to phish employees. Phone calls (vishing), texts (smishing), social media, and even communication portals such as Teams generate integrated phishing campaigns. Effective anti-phishing solutions must offer comprehensive phishing protection that scales across multiple types of devices.

90% of MSPs have been victims of a successful cyberattack, with 82% experiencing increased attacks targeting their clients.

MSP Insights

The Advantages of an MSP in Providing Multiple Layers of Phishing Protection

A recent report shows that 90% of MSPs have been victims of a successful cyberattack, with 82% experiencing increased attacks targeting their clients. This places an MSP in a unique position of being both the user and the supplier of anti-phishing solutions. An MSP is part of the supply chain and must seek to manage its cyber risks. Using a multi-layered approach to phishing prevention, an MSP can reduce their own internal risk and de-risk client communications. Multi-layered phishing protection incorporating the six layers of security is essential to modern phishing prevention. However, an MSP needs more than layers of measures to deliver exceptional products. Any anti-phishing offering must be designed for delivery using a managed service model. Cloud-based, automated, and integrated solutions make the life of an MSP easier and allow for seamless and easily deployable solutions. This is why TitanHQ has designed our solutions with an MSP in mind.

TitanHQ’s anti-phishing solutions include DNS filtering, AI-enabled email security, and scale to cover the many phishing channels. TitanHQ also provides automated phishing simulations as part of our behavior-driven security awareness training. Our solutions are built to deliver layers of protection and detect even the most evasive and complex phishing threats.

Find out how to protect your MSP business and your clients from complex phishing attacks: contact TitanHQ