Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by targeting humans directly.
“The enduring dominance of phishing as an initial access technique underscores its effectiveness and persistence in the face of cybersecurity advancements and more sophisticated methodologies,” the researchers write.
“Its success lies in its simplicity and its ability to exploit the weakest link in security systems: humans. Employees across many organizations are likely still failing to recognize phishing emails, allowing attackers to progress their attacks in this way.”
In 7.5% of attacks between May and July 2024, the researchers observed attackers using internal spear phishing to target employees.
“An email originating from an internal account is less likely to be caught by email filtering rules than those coming from impersonating domains,” ReliaQuest says. “Other users within the network are also more likely to interact with an email sent by an internal user account than those coming from external parties, something attackers conducting business email compromise (BEC) capitalize on.
“Both factors increase the attacker’s chances of successfully compromising more accounts across the network. Internal spear-phishing attacks also often target users with high privilege levels, allowing attackers to escalate their privileges and gain greater control over a network to action their objectives.”
Notably, ReliaQuest observed many attackers attempting to trick users into installing malware that impersonated PDF-related software.
“In the customer true-positive incidents that we analyzed, the malicious files that attackers were attempting to deploy on customer networks were consistently disguised as PDF documents or online PDF generator tools,” the researchers write.
“While malicious attachments can be blocked or quarantined by security tools to prevent execution within a network, these approaches do not address the risk of installing unverified tools, such as those used to create PDF files, on a device. Users should also be educated that installing such tools can also lead to malware execution, which can have harmful effects for businesses, such as data theft, encryption, or account takeovers.”
ReliaQuest has the story.