Being prepared for the latest email security and phishing threats requires anticipating what’s on the horizon over the next year or so. Part one of this series of predictions covered the possible emergence of deep phishing, the evolution of ransomware gangs, and more. Here is what else 2022 may have in store from an email security and phishing perspective.
Pivoting from Personal Email to Corporate Environments
With phishing campaigns growing in volume and sophistication, most businesses recognize the need to promote phishing awareness to their employees as part of their security strategy. Employees are typically instructed to look for signs of phishing emails arriving in their company email accounts, but that doesn’t neglect the threat. More targeted emails are still hard to detect without an integrated email security solution. More worrying still, work-from-home arrangements blur the infrastructural boundaries between personal and corporate email and collaboration accounts.
In 2022, expect to see threat actors start turning their attention to accessing employees’ personal email addresses, laptops, and smartphones that share direct or indirect access to employer networks, services, and assets. Adversaries can launch ransomware attacks or target personal emails with malware, which when installed on a user’s device, provides remote control capabilities, and eventual access to the critical infrastructure within corporate environments.
Move the Cheese to The Cloud
The adoption of cloud computing by businesses will continue in 2022, but phishing campaigns are shifting the underlying motivations for moving to the cloud. Potential cost reductions and increased flexibility in IT infrastructure were the primary motivations for cloud adoption for several years. The ability to easily scale cloud services up or down, pay per resource used, and no requirement for capital expenditure all promise substantial savings for organizations.
Now, though, security concerns are pushing organizations to replace on-premises infrastructure with cloud-based services over and above the allure of cost reductions. Social engineering attacks rose by 270% in 2021, with phishing campaigns representing the bulk of that increase. Expect this trend to continue during 2022 as threat actors increasingly recognize the power of email phishing as an entry point to corporate networks.
By moving more key business services to the cloud, cybersecurity teams believe they can reduce the potential damage inflicted by phishing attacks. The interconnected nature of on-premises infrastructure often enables adversaries to get free rein over an entire environment and easily install malware. The hope is that even if successful phishing attacks compromise a business service, running everything in the cloud as distinct services helps to avoid the worst impacts of phishing attacks enabling the infiltration of entire on-premises environments.
Paid Account Access
An interesting and equally shocking article appeared in Vice last year describing how one company offered $500 to employees in the United States in return for login details for business accounts. The company also promised access to a proprietary platform in which employees could compare their income to other similar-level workers in different companies. Security researchers uncovered a slew of other suspicious domains enticing employees with similar offers.
While there are legal ramifications for sharing corporate login credentials, some employees could be attracted by the monetary rewards and regard it as low-risk. After all, with so many data breaches in recent years, their login credentials to at least one account are probably on the dark web. Feigning ignorance would be relatively trivial unless authorities managed to track down payments and communications between employees and those paying for their credentials.
Expect to see similar types of phishing campaigns becoming more prevalent in 2022. Monetary rewards and access to valuable information amplify normal phishing bait into a combination that some people will find hard not to fall for. Unfortunately, the likely outcome is that those revealing their credentials might not get anything at all. Threat actors will use their login data to launch attacks on their employer’s corporate network.
Multi-Phased Machine-Based Phishing
News about a worrying evolution in phishing emerged early in 2022 when Microsoft uncovered a multi-stage campaign using a device registration trick. The attack in question featured threat actors compromising employee login credentials through traditional phishing messages.
The next phase involved machine-based phishing that tricked the target network into accepting a hacker-controlled device. Made possible by BYOD policies, the hackers were able to register their device on the network using seemingly legitimate, stolen credentials. The Azure Active Directory server assumed the registering device was legitimate. Once inside the network, threat actors sent a more targeted set of phishing messages to internal recipients.
Organizations or users not implementing multi-factor authentication for new device registration became victims of this multi-phase attack. Expect to see machine vs machine phishing campaigns become more prominent as 2022 unfolds.
Phishing As a Geopolitical Tool
Lastly, phishing as a tool of geopolitical influence will continue to be deployed as a way to influence elections in other countries. Russian interference in the 2016 US Presidential race is well-documented. This interference used spear phishing emails to target email accounts belonging to members of Hillary Clinton's presidential campaign and disclose details from those accounts.
Similar interference tactics leveraging phishing campaigns were apparently used in the 2020 US Presidential race. Other countries have taken note of the potential for phishing as a geopolitical tool. Singapore’s Computer Emergency Response Team issued an advisory about the potential for phishing to interfere with important elections.
Other significant and surprising things will happen in email security and phishing during 2022. The reality is that threat actors always seek to innovate their tactics and come up with ways to bypass existing controls. That’s why organizations need more than just a secure email gateway (SEG), they need a dedicated, self-learning email security solution that continually refines and adapts to the latest tactics and stops these harmful messages from reaching employees.
To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at https://ironscales.com/get-a-demo/.
Tags:Ransomware, Phishing, Email Security, Credential Theft, Machine Learning, Remote Workplace, 2022
February 25, 2022