Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


June 24, 2021 | Troy Gill

Combatting “”Living Off the Land”” Phishing Attacks

Follow these four tips to help your clients reduce the growing risk of email threats.

Over the last year, cybercriminals have continued to evolve and improve their phishing distribution methods, with many embracing more targeted attacks versus utilizing large-volume email blasts. One method growing in popularity is living-off-the-land (LotL) style attacks. In a similar fashion to “”fileless malware,”” threat actors attempt to fly under the radar by exploiting existing tools and services that are otherwise legitimate to essentially hide their phishing activity in plain sight.

With this tactic, attackers use the white noise for cover while leveraging the good reputation of the domains they are abusing. This also opens up the possibility of exploiting allowed lists in both perimeter and internal security controls. Additionally, the social engineering aspects of these attacks go a long way toward disarming users who may otherwise know better.

This attack strategy is not new by any means, but there has been a noticeable escalation amid the pandemic. Some of the attacks involve communicating directly from a legitimate platform, while other strategies include abusing said platform to either redirect or host the payload via credential harvesting or malware delivery.

Cybercriminals are likely to increase the number of organizations they target, as doing so will help them find new ways to blend in with legitimate traffic. Managed IT service providers should prepare their clients now.

Here are four tips to help your clients reduce the risk of these and other email threats:

  1. Perform an audit of the email environment

The first step to enhancing security posture is for organizations to understand how their current policies and settings stack up. For Microsoft Office 365 users, an Office 365 security audit can examine the mailboxes of admins and general users and flag any potential vulnerabilities before they can be exploited, as well as accounts that may have already been compromised.

Once visibility has been achieved, encourage clients to adopt a solution that can help them continuously monitor their email environment so that they don’t miss out on any changes that could spell disaster.

  1. Limit authorized use of third-party services and utilize end-to-end encryption

While businesses should certainly be asking third-party vendors about their security policies, it is equally important to ensure your clients have implemented internal guidelines to regulate how data is moved between employees and outside vendors. To limit the size of their potential attack surface, organizations should restrict the use of third-party services to only those direct employees who need access to complete their day-to-day job.

In addition to designating who can transmit data outside of the organization, you should recommend that clients employ an end-to-end encryption solution to protect emails and attachments containing confidential or personally identifiable information (PII). The solution should be capable of dynamically examining email attachments and URLs.

  1. Emphasize the importance of unique passwords

As the trusted managed IT services provider, you can play a role in educating your clients’ employees on the importance of having a unique password for each service they use. Failure to do so leaves the business open to password reuse attacks, which occur when cybercriminals use a set of credentials they’ve stolen via tactics such as LotL to attempt to access other accounts and expand their level of access to broader swaths of the business.

  1. When in doubt, verify

If there is any doubt about an email message or transaction, there is nothing wrong with contacting the sender outside of the email platform to verify before proceeding. Encourage your clients to have their employees take this step if they have any doubts.

Organizations can further support this authentication culture by mandating verification in their security policy for certain high-risk email requests, such as approving wire transfers or changing a trusted vendor’s banking details.

Business email compromise (BEC) attacks via LotL tactics will continue to be leveraged by malicious actors. The top threat groups have been observed rotating the platforms they exploit to increase their campaigns’ effectiveness. By incorporating the four tips above, you can help your clients better protect their employees, assets, and bottom line.

TROY GILL is manager of security research and a senior security analyst at Zix, an email security solution provider. 

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience