Electricity + Control May 2019

CYBER SECURITY

Phishing threats to increase through 2019

I t seems obvious that, in order to stop phishing attacks we need to be able to see them coming. So, it helps to have an idea about which phishing and malware threats we should be looking out for. Anton Jacobsz, CEO at value-added solutions dis- tributor Networks Unlimited Africa, outlines some of the anticipated threats presented in a report shared by Cofense™ (formerly PhishMe ® ), a leading global provider of phishing defence solutions. “In the report, titled ‘Six Phishing Predictions: 2019’ , Cofense draws on the insights of its in- house experts who have shared some of their intelligence around what businesses and consum- ers can expect from hackers and in cybercrime in general over the next year,” says Jacobsz. Nick Guarino and Lucas Ashbaugh, Threat An- alysts at Cofense, warn that what we generally view as trusted services … won’t be trusted. They suggest that “the majority of phish seen in the wild in 2019” will live in historically trusted sharing services like Google Docs, Sharepoint, WeTrans- fer, Dropbox, Citrix ShareFile and Egnyte. They say it’s difficult for these services to keep up with the constant barrage of varied phishing tactics. “Traditional security tools (firewalls, anti-virus) have no insight into the files housed on these ser- vices. As a result, it is incredibly difficult to protect users against these phish hiding in plain sight,” they say. Tonia Dudley, Cofense Security Solution Advi- sor, says, “… credential phishing will reel ‘em in. Just like last year.” At a recent SANS conference she heard it said that: “Hackers don’t need to break in, they log in”. In the report Dudley says, “Threat actors stick with what’s working and … so far, credential phish- ing allows them access to an organisation (or or- ganisations) as validated users. I think we will con- tinue to see this type of phishing campaign at the top of the threats list, especially for organisations that have not enabled multi-factor authentication.” She adds that as companies conduct security awareness training, this type of phishing scenario should be a top priority, in particular for high value targets and privileged users. Director of Sales Engineering at Cofense, David Mount, says that many people expect AI (artificial intelligence) to be the panacea to stop phishing. However, he sees 2019 as the peak of the hype cycle for AI. Mount says AI can only be as good as the person creating it and, as phishing attackers are constantly evolving their tactics, AI

could find it tricky to keep up. If it does prove effective, users will be faced with AI itself becoming a target. Either way, Mount says we will start to see AI play a role in many organi- sations’ overall security strategy. But it is not an alternative to security awareness training or em- powering employees with the tools and instincts needed to flag phishing attacks. Robust security will need both network-level, AI-powered threat detection and human intelligence. The fourth prediction warns businesses to ex- pect a mix of off-the-shelf and customised mal- ware. Cofense’s Threat Intelligence Manager, Mol- lie MacDougall and Principal Intelligence Analyst, Darrel Rendell, say that while they expect off-the- shelf malware to remain popular, they anticipate more customised malware will appear in phishing campaigns going forward. “The ongoing dominance of low-cost, off-the- shelf malware indicates this will likely continue to reap success. The real danger will be in improved banking Trojans and other stealers. With the de- clining profitability of ransomware operations and the current state of the cryptocurrency market- place, threat actors will likely rely on more tradi- tional malware for illicit monetisation.” Researcher Jason Meurer agrees that the fate of ransomware will be tied to the trajectory of the cryptocurrency markets. “If we see a resurgence in cryptocurrency, we will likely see ransomware surge in popularity again ahead of price jumps.” The last prediction in the Cofense report is again from David Mount who says threat actors will share intelligence to stay a step ahead. He says attackers have no qualms about this, unlike businesses operating in the security industry. “Despite the obvious benefits, the industry is reluctant to share what it knows,” Mount says. In his view, this is why threat actors continue to stay one step ahead. “And it’s one more reason why businesses need to act faster … and focus on the most important part of their defence – people.” Networks Unlimited Africa’s Jacobsz believes all six predictions carry weight and highlights the last. “A comprehensive security strategy is nothing without user buy-in. User education and continuing inter-company communications around how best to avoid phishing attacks are the first and most important step to building effective security and defence strategies.” □

For more information contact: David Wilson at Networks Unlimited Africa. Tel. +27 (0)11 202 8400 or email: David.wilson@nu.co.za

Electricity + Control

MAY 2019

39