Phishing just keeps getting better

Johannesburg, 02 Oct 2023
Jason Oehley, regional sales manager, Arctic Wolf Networks.
Jason Oehley, regional sales manager, Arctic Wolf Networks.

Cyber attackers harnessing generative AI, automation and more sophisticated strategies have become so good at phishing that most people are at risk of falling victim to them.

This is according to experts from Arctic Wolf Networks, who were addressing a recent webinar on social engineering.

Jason Oehley, regional sales manager at Arctic Wolf, warned that South African businesses are just as much at risk as global businesses. "Organisations leave their defences down because of self-deception. For example, they believe they are too small for attackers to want their data. It doesn’t matter how small you are – you might be the third-party link to their goal. Organisations may also believe if it hasn’t happened to them, it won’t in future; that they can’t do enough, so they don’t do anything; or they believe South African companies are not of interest to attackers.”

Social engineering is a prime attack vector, said Andre den Hond, senior systems sngineer at Arctic Wolf. 

“Attackers are very crafty in how they formulate attacks, and they take advantage of the immediate environment. They target non-logical thinking by using fear, urgency, distraction, focus and temptation in their communications. Most people are constantly being distracted and multitasking, and attackers can use this against us,” he said. “Attackers also like to tempt us with offers that are too good to be true, but there’s no free lunch.”

According to a survey by Arctic Wolf, 89% of respondents have been targeted by malicious messages in the last twelve months — 59% of those were suspected phishing emails and 41% were impersonation emails or text messages.  

Den Hond said: “Scams change and evolve all the time, so there’s no longer an easy way to look out for them. In the past, if a mail had bad spelling and grammar, it was easy to spot. But attackers now use the likes of ChatGPT for better mails. The danger lurks in our inboxes, we need to treat these as unsafe places – like dark alleys. What we post on social media can be used against us – it’s so easy for criminals to see a company organogram or find out if the CEO is going on holiday, and use this information.”

He advised: “We need to prepare for war in times of peace; so we need to train employees and reinforce cyber security awareness, and establish clearly defined communication channels. Employees must be trained to avoid volunteering information, slow down and consider their responses, always be suspicious, and know the red flags.”

Oehley said: “Organisations must build a culture of security, with updated passwords, patches and software, multi factor authentication, email filters, and they must familiarise employees with official communication protocols. Training once a year is not enough – you need constant reinforcement for extended staff.”

QuickStart training

Oehley outlined Arctic Wolf’s approach to cyber security training, which includes a ‘QuickStart’ 5-minute introduction, followed by microlearning – short sessions twice a month focusing on topical security issues. Phishing simulations are also carried out to understand which staff members need additional attention. In addition, staff are sent reminders to attend sessions, and a ‘report phishing’ button is introduced so employees can report suspicious emails.

“Arctic Wolf has a purpose-built security awareness programme to help prepare people for an attack," Oehley said. "It’s not a checkbox exercise. It’s to positively teach people, not to try and trick them. We help organisations build a security culture, and run an ongoing microlearning programme with specific education tied to phishing simulation responses."

Den Hond noted that organisations need a defence in depth strategy that addresses the five phases of a cyber attack, which include the passive collection of information from open sources, active information gathering by scanning the environment, accessing the target and moving laterally through the organisation, building persistence and fulfilling the attack, and finally covering their tracks.

He said: “The five phases of defence can be linked to the five phases of attack, and these include identify, protect, detect, respond and recover. Arctic Wolf delivers security operations across the five phases of defence, aligned to the NIST framework. Our purpose-built platform is security tool agnostic, with built in AI, ML and automation. It gives us the benefit of data from all of our customers, which gives us the network effect in which all customers work together to protect each other.”