By Rotem Shemesh, Lead Product Marketing Manager, Security Solutions, at Datto
Phishing is a familiar concept to cybersecurity professionals – and hackers. According to a recent study, phishing attacks are the method of choice of cybercriminals attempting to infiltrate an organization. Why? Because they are easy to deploy and the opportunity for human error when clicking on a phishing email is high.
When many of us hear the term “phishing” we may picture an obvious spam email that came from an easily recognizable fake email address. But it isn’t always that simple to spot a phishing attempt. It’s important to educate organizations on ways to avoid falling victim to phishing attempts, including how to identify the different shapes they can come in. Recently, Datto SaaS Defense detected a threat that was disguised as a communication hosted on a trusted domain, which enabled the attackers to operate below the radar of detection.
New technique bypasses security detection
This new phishing technique included two key elements that made it impossible for most security solutions to detect. The attack leveraged Adobe InDesign’s hosting reputation to hide a malicious link in an inframe. With the goal of harvesting users’ credentials, the attack was sent via email to lure users into clicking a link to access a shared document. The link directed people to a fake webpage designed using InDesign and uploaded to indd.adobe.com, a legitimate URL. Hosting a phishing attack in a known URL is not uncommon, but this was the first time we saw it done in InDesign. The InDesign domain also has certain characteristics that enabled the bad actors to conceal the malware; the link was hidden in an image (something that is possible in InDesign) and therefore was not identified as a URL when scanned by many security solutions. This masking technique enables attackers to avoid raising suspicions and bypass many email detection measures.
This was the first time this type of technique was confirmed as a phishing attack; luckily, it was uncovered before causing serious damage. But, this new type of threat shows just how constant – and dangerous – the evolution of the cybersecurity landscape is. Cybercriminals are, unfortunately, usually one step ahead of their targets, and it’s critical to stay up to date on the latest techniques being used to best protect yourself and your organization. To build a strong cyber detection and prevention plan against phishing attempts, there are many steps companies can, and should take.
Prepare for the worst
So, what are companies or security-based solutions supposed to do when faced with a tricky challenge like this one?
The first step is to ensure your organization has the most up-to-date and advanced security protections in place. Basic email security is not enough – it’s critical to have a security platform in place that can detect more advanced and emerging phishing techniques, especially the ones that have not yet been discovered or even developed. It’s also more important than ever that organizations adopt an assumed breach mentality: plan for when a cyber-attack will happen, not if. Remote work and increased use of cloud-based SaaS platforms are essentially invitations to bad actors. As useful as these technologies are, it opens up gaps for malware to enter a system when you least expect it.
Implementing security solutions to help with detection and prevention is important, but it’s even more necessary to develop cyber resilience in your company. A strong cybersecurity approach is one that starts with an assumed breach mentality within an organization and ends with building a cyber resilience foundation. Cyber resilience is not a product or attitude, but rather an ongoing journey with an evolving mindset to grow as new threats and technologies continue to emerge. Together with an assumed-breach, cyber-resilient culture, your company will not only be prepared for the next vulnerability around the corner but also will have the ability to respond and quickly recover from an adverse cyber event.
In an ever-changing digital environment, security can no longer afford to be an afterthought. It is the responsibility of each organization to ensure that when a threat emerges, they are able to minimize the risk to prevent the attack from growing and wreaking havoc on themselves or others, such as their customers. It is too easy for cyberattacks to quickly spread and have a ripple effect that can impact thousands. As dangerous cybercriminals become smarter, we must too and take the proper steps to fight back.
About the Author
Rotem Shemesh is the Lead Product Marketing Manager for Security Solutions at Datto and plays a significant role in expanding and positioning Datto’s cybersecurity offerings. She was the head of marketing at BitDam and was responsible for all marketing and Go-to-Market efforts for 3 years. At BitDam, when it was a small cybersecurity start-up, she established the company’s marketing efforts from the ground up and was instrumental in the company’s success over the years, as well as the effective merge with Datto. Building BitDam’s marketing strategy, messaging and brand, as well as driving demand generation, communications, and channel marketing, she successfully positioned the company as a disruptive cybersecurity startup well recognized by the market, analysts, journalists, and other industry players.