Subscribe
  • Home
  • /
  • Malware
  • /
  • Phishing threats 2019: the experts tell all

Phishing threats 2019: the experts tell all


Johannesburg, 10 Apr 2019

It is becoming better understood that, in order to stop phishing attacks, we need to be able to see them coming. At the same time, it also helps to have an idea around which phishing and malware threats we should be keeping an eye out for.

This is according to Anton Jacobsz, CEO at value-added distributor Networks Unlimited Africa, who was referencing a report[1][1] shared by Cofense (formerly PhishMe), a leading provider of intelligent phishing defence solutions.

"The report, titled: 'Six Phishing Predictions: 2019', sees Cofense lean on quite a few in-house experts who have, in turn, provided some generous and learned intelligence around what businesses and consumers can expect from hackers and cyber crime in general over the next year," he says.

To kick things off, Nick Guarino and Lucas Ashbaugh, both threat analysts at Cofense, warn that trusted services won't be. Trusted, that is.

Their prediction says the majority of 'phish' seen in the wild in 2019 will live in historically trusted sharing services like Google Docs, SharePoint, WeTransfer, Dropbox, Citrix ShareFile and Egnyte. They say it's difficult for these services to keep up with the constant barrage of varied phishing tactics.

"Traditional security tools (firewalls, anti-virus) have no insight into the files housed on these services. As a result, it is incredibly difficult to protect users against these phish hiding in plain sight," their prediction concludes.

Prediction two comes from the desk of Tonia Dudley, Cofense Security Solution Advisor, and she says "credential phishing will reel 'em in. Just like last year."

Dudley cites a quote heard at a recent SANS conference where someone said: "Hackers don't need to break in, they log in," and she confirms that credential phishing is the reason why this statement is so true.

"Threat actors stick with what's working and, at least so far, credential phishing allows them access to your organisation as validated users," Dudley says in the report. "I think we will continue to see this type of phishing campaign at the top of the threats list, especially for organisations that have failed to enable multi-factor authentication.

"As you conduct security awareness training, this type of phishing scenario should be a top priority, in particular for your high value targets and privileged users."

Director of Sales Engineering at Cofense, David Mount, says many people expect AI to be the panacea to stop phishing.

However, he sees 2019 as the peak of the hype cycle for AI.

Mount says AI can only be as good as the person creating it and, since phishing attackers are constantly evolving their tactics, AI could find it tricky to keep up. And, if it does prove effective, users will be faced with AI itself becoming a target through poisoning attacks. Either way, Mount says 2019 will be the year we start to see AI begin to play a role in many organisations' overall security strategy. But AI is not an alternative to security awareness training or empowering employees with the tools and instincts needed to flag phishing attacks. A robust security posture will require both network-level, AI-powered threat detection plus human intelligence.

The fourth prediction warns businesses to expect a mix of off-the-shelf and customised malware, and stems from Cofense's Threat Intelligence Manager, Mollie MacDougall and its Principal Intelligence Analyst, Darrel Rendell.

They say while they expect off-the-shelf malware to remain popular, they anticipate more customised malware will also appear in phishing campaigns going forward.

Both are in agreement that 2017's headline-dominating attacks (WannaCry, etc) clearly showed the importance of patching, which can decrease the efficacy of common simple-script malware and push more sophisticated actors towards investing in procuring zero-days.

As per the Cofense report: "The ongoing dominance of low-cost, off-the-shelf malware indicates they likely continue to reap success. The real danger will be in improved banking Trojans and other stealers. With the declining profitability of ransomware operations and the current state of the crypto-currency marketplace, threat actors will likely rely on more traditional malware for illicit monetisation. Moreover, with modular banking Trojans available for purchase, threat actors will continue to provide more sophisticated and broadly capable tools for their less-savvy peers."

Jason Meurer, Researcher at Cofense, agrees that the fate of ransomware will be tied to crypto-currency. He says 2018 saw ransomware fade from the headlines and feels this trend may continue, even though it is dependent on the trajectory of the crypto-currency markets. "If we see a resurgence in crypto-currency, we will likely see ransomware surge in popularity again ahead of price jumps," he concludes.

The last prediction discussed in the Cofense report is again from Mount, who says threats actors will share intelligence to stay a step ahead.

In the report, Mount says the fight against threat actors is an ongoing struggle: as businesses update their cyber security strategies, so too do attack methods evolve and, besides being well funded, attackers have no qualms when it comes to sharing intelligence, unlike businesses operating in the security industry.

"Despite the obvious benefits, the industry is reluctant to share what it knows," Mount says. "Because of this, in 2019, threat actors will continue to stay one step ahead and this is one more reason why businesses need to act faster, making a concerted effort to focus on the most important part of their defence... people."

Network Unlimited Africa's Jacobsz believes all six predictions carry weight, but says this last prediction underpins a vital message.

"One of our foundational beliefs is that a comprehensive security strategy is nothing without user buy-in," he says. "User education and continued inter-company communications around how best to avoid phishing attacks are the first and most important step to building a concrete approach to security and defence strategies."

To learn more about Cofense's phishing incident solutions, please visit: https://networksunlimited.africa/products/security/cofense.

[1][1] Six Phishing Predictions for 2019, Cofense Inc., 2019

Share

Cofense

Cofense, formerly PhishMe, is the leading provider of intelligent-driven phishing defence solutions worldwide. Cofense delivers a collaborative approach to cyber security by enabling organisation-wide engagement to active e-mail threats. Cofence's collective defence suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organisations in defence, energy, financial services, healthcare and manufacturing sectors that understand how changing user behaviour will improve security, aid incident response and reduce the risk of compromise. To learn more, visit https://cofense.com/.

Networks Unlimited Africa

Networks Unlimited Africa is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking and security landscapes. The company distributes best-of-breed products, including Attivo Networks, Cofense, Carbon Black, Fortinet, F5, Hypergrid, Mellanox Technologies, NETSCOUT, NETSCOUT ARBOR, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Thales and Uplogix. The product portfolio provides solutions from the edge to the data centre, and addresses key areas such as cloud networking and integration, WAN optimisation, application performance management, application delivery networking, WiFi, mobile and networking security, load balancing, data centre in a box, and storage for virtual machines.

Since its formation in 1994, Networks Unlimited Africa has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the sub-Saharan Africa market.

Editorial contacts

David Wilson
Networks Unlimited
(+27) 011 202 8400
David.wilson@nu.co.za