By Rotem Shemesh, Senior Product Marketing Manager, Security Solutions, Datto
Phishing is a familiar concept to cybersecurity professionals and hackers. According to a recent study, phishing attacks How to choose The number of cybercriminals trying to infiltrate your organization. why? This is because it is easy to distribute and more prone to human error when clicking on phishing emails.
When many of us hear the word “phishing”, they think of obvious spam emails from easily recognizable fake email addresses. However, detecting phishing attempts is not always so simple. It is important to educate organizations to avoid becoming victims of phishing attempts, including how to identify different forms of phishing. Recently, Datto SaaS Defense made this possible by detecting threats disguised as communications hosted on trusted domains. Attackers operate under the detection radar.
New technology to bypass security detection
This new phishing technique includes two key elements that make it undetectable by most security solutions. The attack took advantage of Adobe InDesign’s hosting reputation to hide malicious links in-frame. An attack was sent via email to convince users to click a link to access a shared document for the purpose of collecting the user’s credentials. The link took people to a bogus webpage that they designed using InDesign and uploaded to a legitimate URL, indd.adobe.com. It’s not uncommon to host a phishing attack on a known URL, but this was the first time it’s been done in InDesign. InDesign domains also have certain attributes that allow malicious users to hide malicious code. The link is hidden in the image (what is possible in InDesign), so it wasn’t identified as a URL when scanned by many security solutions. This masking technique allows attackers to avoid suspicion and bypass many email detection measures.
This is the first time this type of technology has been identified as a phishing attack. Luckily, they were found before they did any serious damage. However, this new type of threat shows just how persistent and dangerous the cybersecurity landscape is. Unfortunately, cybercriminals are usually one step ahead of their targets, so it’s important to stay up-to-date with the latest technologies being used to best protect yourself and your organization. There are many steps that businesses can and must take to develop a robust cyber detection and prevention plan for phishing attempts.
prepare for the worst
So, what should businesses or security-based solutions do when faced with such a daunting challenge?
The first step is to ensure that your organization has the latest and advanced security protections. Basic email security is not enough. In particular, it is important to have a security platform in place to detect new and more advanced phishing techniques that have not yet been discovered or even developed. Additionally, it is more important than ever for organizations to adopt a hypothesized breach mindset. A plan for when a cyberattack will happen, not if it will happen. Remote work and the growing use of cloud-based SaaS platforms are inherently an invitation to malicious actors. While these techniques are useful, they provide an opportunity for malware to enter your system at unexpected times.
Implementing security solutions to help with detection and prevention is important, but developing cyber resilience for your company is even more important. A strong cybersecurity approach is one that starts with assuming a breach within an organization and ends with building a cyber resilience foundation. Cyber resilience is not a product or an attitude, but an ongoing journey with a mindset that evolves as new threats and technologies continue to emerge. With a hypothesized breach, cyber resilience culture, your organization will have the ability to respond to and rapidly recover from adverse cyber events as well as prepare for the next imminent vulnerability.
In an ever-changing digital environment, security can no longer afford to think later. It is the responsibility of each organization to minimize risk as threats emerge to prevent escalation of attacks from harming themselves or others, such as customers. It is all too easy for a cyber attack to spread quickly and have ripple effects that can affect thousands of people. As dangerous cybercriminals get smarter, we too must respond and take appropriate action.
About the author
Rotem Shemesh is Senior Product Marketing Manager for Datto’s Security Solutions and plays a key role in expanding and positioning Datto’s cybersecurity products. She was Head of Marketing at BitDam and was responsible for all marketing and go-to-market efforts for three years. When she was a small cybersecurity startup at BitDam, she established the company’s marketing efforts from the ground up and played a key role in the company’s success and effective merger with Datto over the years. By building BitDam’s marketing strategy, messaging and branding, and leading demand generation, communications and channel marketing, she has successfully positioned the company as a disruptive cybersecurity startup well known to markets, analysts, journalists and other industry players.
Rotem can be reached online at: @ShemeshRotem and on our website dotto.com
Fair Use Notice: “Fair use” laws allow other authors to make limited use of the original author’s work without permission. Under 17 US Code § 107, “It is not copyright infringement to use copyrighted material for purposes such as criticism, commentary, news reporting, education (including multiple copies for classroom use), scholarship, or research.” As a matter of policy, fair use is based on the belief that the public is free to use portions of copyrighted material for the purposes of comment and criticism. Fair use privileges are perhaps the most important restrictions on the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and more free of charge on its website Cyber Defense Magazine. All images and reporting are conducted exclusively in accordance with the fair use of US copyright laws.