So, so many successful attacks begin with a phishing email that some user falls for. And that’s why MITRE prominently features Spearphishing (T1192) as an Initial Access technique in ATT&CK.
If we can prevent the user from seeing that phishing email or detect and block one of its URLs early in the process, we can stop the attack dead in its tracks. But the bad guys get better and better with phishing — therefore, so do we. In this webinar, we’ll look at four trending techniques in phishing attacks right now. We’ll show you actual examples of:
- Using legit file-sharing sites, such as Dropbox, Box.com, and Google Docs, to host a document linked to by the phishing email: We’ll show you how it works and why it’s effective in lulling users into a false sense of security.
- Fake Office 365 phishing attacks: These remain prevalent and allow attackers to steal Azure AD user credentials — sometimes even defeating two-factor authentication. This exposes not only O365 resources but potentially on-prem networks as well.
- Executive spoofs: Face it, humans respond to power, and the bad guys use this to their advantage by spoofing executives at your organization to prompt subordinate employees into performing high-value operations without validating the request.
- baseStriker: This is a method of disguising malicious URLs in email and other HTML content using the <base> tag. It was discovered back in 2018, but it continues to show up in phishing attacks today.
But first, I will discuss phishing attacks in general, isolate the elements of phishing emails that remain constant, and look at how to use them against attackers. Some of the key things to examine in phishing emails are the domain names in the sender and in URLs within the body of the email. There’s so much you can do with a domain name: looking it up on domain name intelligence sites, detecting first-time-seen domains, analyzing domain name age, and more.
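To examine the domain names in body URLs when a message uses the baseStriker trick, a scanner has to join each relative link with the <base> value before looking anything up. The following is an added example, not material from the webinar or from LogRhythm; the function names and the sample body on the reserved example.test domain are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LinkCollector(HTMLParser):
    """Collects the first <base href> and every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.base = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base" and self.base is None:
            self.base = href.strip()   # clients honour only the first <base href>
        elif tag == "a":
            self.hrefs.append(href.strip())

def effective_links(html_body):
    """Return one dict per link: the raw href, the URL a mail client would open,
    its host, and whether that URL only exists after joining with <base>."""
    collector = _LinkCollector()
    collector.feed(html_body)
    base = collector.base
    results = []
    for raw in collector.hrefs:
        resolved = urljoin(base, raw) if base else raw
        # A link is "split" when it carries no scheme or host of its own.
        split = bool(base) and not urlsplit(raw).scheme and not raw.startswith("//")
        results.append({
            "raw": raw,
            "resolved": resolved,
            "host": (urlsplit(resolved).hostname or "").lower(),
            "split_by_base": split,
        })
    return results

# Constructed sample body (assumption): example.test is a reserved placeholder domain.
SAMPLE = """<html><head><base href="https://files.example.test/shared/"></head>
<body><a href="doc/invoice.html">View document</a>
<a href="https://intranet.example.test/help">Help</a></body></html>"""

if __name__ == "__main__":
    for link in effective_links(SAMPLE):
        print(link)
```

The `host` value of each result is what should go to domain intelligence, first-seen, and domain-age checks; links with `split_by_base` set are the ones a scanner that reads only the raw href would miss.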
LogRhythm is our sponsor and their Labs team brought these 4 phishing techniques to me. Senior Security Analyst, Eric Brown, will review these techniques in greater detail. Then, Principal Threat Research Engineer, Brian Coulson, will show you how LogRhythm security analytics technology and the MITRE ATT&CK framework can help you detect attacks early in their lifecycle and nip them in the bud.
Please join us for this real training for free event.