Over the last year, cybercriminals have continued to evolve and improve their phishing distribution methods, with many embracing more targeted attacks rather than large-volume email blasts. One method growing in popularity is living-off-the-land (LotL) style attacks. In a similar fashion to “fileless malware,” threat actors attempt to fly under the radar by abusing existing tools and services that are otherwise legitimate, essentially hiding their phishing activity in plain sight.
With this tactic, attackers use the white noise of normal traffic for cover while leveraging the good reputation of the domains they are abusing. It also opens up the possibility of exploiting allow lists in both perimeter and internal security controls. Additionally, the social engineering aspects of these attacks go a long way toward disarming users who may otherwise know better.
This attack strategy is not new by any means, but there has been a noticeable escalation amid the pandemic. Some of the attacks involve communicating directly from a legitimate platform, while other strategies include abusing said platform to either redirect or host the payload via credential harvesting or malware delivery.
Cybercriminals are likely to increase the number of organizations they target, as doing so will help them find new ways to blend in with legitimate traffic. Managed IT service providers should prepare their clients now.
Here are four tips to help your clients reduce the risk of these and other email threats:
- Perform an audit of the email environment
The first step to enhancing security posture is for organizations to understand how their current policies and settings stack up. For Microsoft Office 365 users, an Office 365 security audit can examine the mailboxes of admins and general users and flag potential vulnerabilities before they can be exploited, as well as accounts that may already have been compromised.
Once visibility has been achieved, encourage clients to adopt a solution that helps them continuously monitor their email environment so that they don’t miss changes that could spell disaster.
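As an added illustration of what such an audit actually checks (this is example code, not from the original post or any vendor product), the following read-only PowerShell sweep of an Exchange Online tenant looks for three common signs of a compromised mailbox: tenant-wide mailbox auditing switched off, mailbox-level forwarding to an address outside the organization, and inbox rules that forward, redirect, or silently delete mail. It assumes the ExchangeOnlineManagement module is installed, that the account running it holds a role able to read mailbox and inbox-rule settings, and that recipient strings returned by Get-InboxRule contain an `@domain` fragment that a simple regex can extract (an assumption; display formats vary).

```powershell
# Added example, not the post's or any product's code.
# Assumes: ExchangeOnlineManagement module installed; the signed-in account can
# read mailbox and inbox-rule settings. Everything here is read-only.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Tenant-wide mailbox auditing: if it is disabled, later investigation
#    has no mailbox activity to work from.
$org = Get-OrganizationConfig
if ($org.AuditDisabled) {
    Write-Warning "Tenant-wide mailbox auditing is DISABLED (AuditDisabled = True)."
}

# Domains the tenant owns; a forward to any other domain is treated as external.
$internalDomains = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    param([string]$Address)
    if ([string]::IsNullOrEmpty($Address)) { return $false }
    # Assumption: the recipient string carries an '@domain' fragment, e.g.
    # "smtp:user@example.com" or '"Name" [SMTP:user@example.com]'.
    $m = [regex]::Match($Address, '@([A-Za-z0-9.-]+)')
    if (-not $m.Success) { return $false }
    $domain = $m.Groups[1].Value
    return -not ($internalDomains -contains $domain)
}

$findings  = @()
$mailboxes = Get-Mailbox -ResultSize Unlimited

foreach ($mbx in $mailboxes) {
    # 2. Mailbox-level forwarding to an address outside the tenant.
    if (Test-ExternalAddress $mbx.ForwardingSmtpAddress) {
        $findings += [pscustomobject]@{
            Mailbox = $mbx.UserPrincipalName
            Type    = 'MailboxForwarding'
            Detail  = $mbx.ForwardingSmtpAddress
        }
    }

    # 3. Inbox rules that forward/redirect externally or delete messages;
    #    attackers use these to siphon mail and hide their own traffic.
    foreach ($rule in (Get-InboxRule -Mailbox $mbx.UserPrincipalName)) {
        $targets  = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        $external = $targets | Where-Object { $_ -and (Test-ExternalAddress ([string]$_)) }
        if ($external -or $rule.DeleteMessage) {
            $findings += [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Type    = 'InboxRule'
                Detail  = "$($rule.Name) | external: $($external -join ',') | delete: $($rule.DeleteMessage)"
            }
        }
    }
}

# Review the table; each row is a mailbox worth a closer look, not proof of compromise.
$findings | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

Running this on a schedule and diffing the output against the previous run is the simplest form of the continuous monitoring the section describes: a new external forward or a new delete-everything rule shows up as a new row.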
- Limit authorized use of third-party services and utilize end-to-end encryption
While businesses should certainly be asking third-party vendors about their security policies, it is equally important to ensure your clients have implemented internal guidelines to regulate how data is moved between employees and outside vendors. To limit the size of their potential attack surface, organizations should restrict the use of third-party services to only those direct employees who need access to complete their day-to-day job.
In addition to designating who can transmit data outside of the organization, you should recommend that clients employ an end-to-end encryption solution to protect emails and attachments containing confidential or personally identifiable information (PII). The solution should be capable of dynamically examining email attachments and URLs.
- Emphasize the importance of unique passwords
As the trusted managed IT services provider, you can play a role in educating your clients’ employees on the importance of having a unique password for each service they use. Failure to do so leaves the business open to password reuse attacks, which occur when cybercriminals use a set of credentials they’ve stolen via tactics such as LotL to attempt to access other accounts and expand their level of access to broader swaths of the business.