
Phishing 2.0: Unmasking Modern Cyber Threats and Building Proactive Defences
Phishing has become a cornerstone of cyberattacks in the digital era, evolving into one of the most significant challenges for organizations and individuals alike. The rise of increasingly sophisticated phishing methods has reshaped how cybersecurity teams strategize defences and respond to breaches. According to recent cybersecurity reports, phishing remains responsible for a staggering percentage of data breaches worldwide, underlining its role as an entry point for major cyber incidents. In 2023 alone, the Verizon Data Breach Investigations Report found that over 36% of data breaches were linked to phishing, solidifying its reputation as a top method leveraged by cybercriminals.

Further compounding this trend is the fact that phishing attacks are becoming more targeted and complex. According to data from APWG’s Phishing Activity Trends Report, the number of unique phishing sites detected surged by over 60% in the past two years. The game of cat and mouse that is cybersecurity is proving to be a losing game for enterprises as existing tools are unable to keep up with the evolving nature of phishing attacks.
With the lack of proper web security detection tools, organizations are often unaware of the quantum and mechanism of phishing attacks targeting their employees. In fact, it is in the attacker’s best interest to have their attack path remain undiscovered as long as possible, allowing them to exploit users for a longer time, holding more data and access hostage when a breach is finally detected. Worse, it is nearly impossible for organizations to trace back exactly how the attack happened retroactively with incumbent proxy tools, essentially allowing attackers to recycle the same attack using different identities/domains.
This article delineates the mechanics behind the 5 most common modern phishing attacks, seen both by our researchers and in the wild at real organizations we work with.
1. Trusted domain attacks
Most enterprises block known malicious or suspicious domains using Secure Web Gateways (SWGs). Attackers have therefore identified several domains that are whitelisted in almost all organizations, and they redirect users to phishing sites from there. These include file sharing sites (e.g. SharePoint, Google Drive, OneDrive, Box) and GitHub.
2. Captcha walls
In addition to whitelisting/blacklisting, some SWGs can automatically block domains with certain characteristics such as young domain age. However, even with the most advanced SWGs, this URL filtering does not work when there is a captcha, allowing attackers to hide phishing sites behind captchas.
3. URL masking & shortening
Many attackers leverage URL shortening services like Bitly and Twitter’s t.co, making it difficult for employees to tell from the URL itself whether a link is malicious. For reasons similar to the SharePoint-based attacks, existing security tools cannot block these URLs, as doing so would cause many false positives on legitimate links.
4. GenAI spearphishing
One telltale sign that many employees relied on to identify phishing messages and emails is the persistence of typos and odd grammatical errors. However, with GenAI tools at their disposal, attackers can now write high-quality, highly targeted messages at a scale never seen before. A recent study from HBR showed that the cost of phishing attacks has now been slashed by 95%, while the attacks see success rates (60%) comparable to phishing emails written by trained experts.
5. Browser in the Browser (BiTB) Attacks
This sophisticated phishing technique involves attackers creating a fake browser window within the actual browser to simulate legitimate third-party authentication pop-ups, such as those used for “Sign in with Google” or “Sign in with Facebook.” This deceptive overlay looks authentic and can trick users into entering their login credentials, giving attackers access to sensitive information. The fake window is indistinguishable from a real one at first glance, making it particularly effective and dangerous as users are led to believe they are interacting with a trusted source.
As phishing attacks continue to evolve in quantum and complexity, it is imperative for organizations to shift from a reactive to a proactive defence strategy. To do so, security tools must also evolve to provide deep insight into exactly how users are being attacked, creating mechanism-based policies instead of domain-based policies that engage in a perpetual chase of finding and blocking phishing sites as they are discovered post-breach.
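To make the contrast between domain-based and mechanism-based policies concrete, here is an added example (not code from the original article or from SquareX) that evaluates a whole navigation chain, covering the trusted-domain and URL-shortening cases above. The host sets, the chain telemetry and the `landing_has_password_field` flag are assumptions, and the sample chains are constructed.

```python
from urllib.parse import urlsplit

# Illustrative host sets (assumptions), taken from services the article names.
SHORTENERS = {"bit.ly", "t.co"}
TRUSTED_HOSTING = {"sharepoint.com", "drive.google.com", "box.com", "github.com"}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def matches(h, domains):
    """True if h equals, or is a subdomain of, any entry in domains."""
    return any(h == d or h.endswith("." + d) for d in domains)

def domain_policy(clicked_url):
    """Domain-based verdict: judges only the link the user clicked."""
    trusted = matches(host(clicked_url), SHORTENERS | TRUSTED_HOSTING)
    return "allow" if trusted else "inspect"

def mechanism_policy(chain, landing_has_password_field):
    """Mechanism-based verdict over the whole (non-empty) navigation chain.

    chain: URLs in the order the browser visited them (hypothetical telemetry).
    Returns (verdict, mechanisms); mechanisms are kept for logging even on allow.
    """
    hosts = [host(u) for u in chain]
    earlier, landing = hosts[:-1], hosts[-1]
    mechanisms = []
    if any(matches(h, SHORTENERS) for h in earlier):
        mechanisms.append("shortener-hop")
    if any(matches(h, TRUSTED_HOSTING) for h in earlier) and not matches(landing, TRUSTED_HOSTING):
        mechanisms.append("trusted-host-to-external-landing")
    # Block only when an indirection mechanism ends in a credential prompt,
    # so ordinary shortened or shared links are not false positives.
    if mechanisms and landing_has_password_field:
        return "block", mechanisms + ["credential-form-on-landing"]
    return "allow", mechanisms

# Constructed sample chains (not real traffic).
PHISH = ["https://bit.ly/3xAmPle", "https://contoso.sharepoint.com/:b:/s/hr/doc",
         "https://login.portal.example/signin"]
NEWS = ["https://t.co/AbCdEf", "https://news.example/story"]

if __name__ == "__main__":
    print(domain_policy(PHISH[0]))           # clicked link alone
    print(mechanism_policy(PHISH, True))     # full chain
    print(mechanism_policy(NEWS, False))
```

The domain-based check allows the clicked link in `PHISH` because it only sees the shortener, while the chain-based check blocks it and records which mechanisms were used.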
Phishing 2.0: Unmasking Modern Cyber Threats and Building Proactive Defences was originally published in SquareX Labs on Medium.
*** This is a Security Bloggers Network syndicated blog from SquareX Labs - Medium authored by Audrey Adeline. Read the original post at: https://labs.sqrx.com/phishing-2-0-unmasking-modern-cyber-threats-and-building-proactive-defences-8ff71c61af98?source=rss----f5a55541436d---4