Netskope threat research : Next generation of phishing attacks uses unexpected delivery methods to steal data
etskope , a leader in Secure
N
Access Service Edge ( SASE ), has unveiled research that shows how the prevalence of cloud applications is changing the way threat actors are using phishing attack delivery methods to steal data .
The Netskope Cloud and Threat Report : Phishing , details trends in phishing delivery methods such as fake login pages and fake third-party cloud applications designed to mimic legitimate apps , the targets of phishing attacks , where the fraudulent content is hosted and more .
Although email is still a primary mechanism for delivering phishing links to fake login pages to capture usernames , passwords , MFA codes and more , the report reveals that users are more frequently clicking phishing links arriving through other channels , including personal websites and blogs , social media and search engine results . The report also details the rise in fake third-party cloud apps designed to trick users into authorising access to their cloud data and resources .
Phishing comes from all directions
Traditionally considered the top phishing threat , 11 % of the phishing alerts were referred from webmail services , such as Gmail , Microsoft Live and Yahoo . Personal websites and blogs , particularly those hosted on free hosting services , were the most common referrers to phishing content , claiming the top spot at 26 %. The report identified two primary phishing referral methods : the use of malicious links through spam on legitimate websites and blogs and the use of websites and blogs created specifically to promote phishing content .
Search engine referrals to phishing pages have also become common , as attackers are weaponising data voids by creating pages centred around uncommon search terms where they can readily establish themselves as one of the top results for those terms . Examples identified by Netskope Threat Labs include how to use specific features in popular software , quiz answers for online courses , user manuals for a variety of business and personal products and more .
“ Business employees have been trained to spot phishing messages in email and text messages , so threat actors have adjusted their methods and are luring users into clicking on phishing links in other , less expected places ,” said Ray Canzanese , Threat Research Director , Netskope Threat Labs . “ While we might not be thinking about the possibility of a phishing attack while surfing the Internet or favourite search engine , we all must use the same level of vigilance and scepticism as we do with inbound email and never enter credentials or sensitive information into any page after clicking a link . Always browse directly to login pages .”
The rise of fake third-party cloud apps
Netskope ’ s report discloses another key phishing method : tricking users into granting access to their cloud data and resources through fake third-party cloud applications . This early trend is particularly concerning because access to third-party applications is ubiquitous and poses a large attack surface .
On average , end-users in organisations granted more than 440 third-party applications access to their Google data and applications , with one organisation having as many as 12,300 different plugins accessing data – an average of 16 plugins per user . u intelligent DATA SECURITY www . intelligentciso . com
57