Phishing is Still the Top Initial Access Vector
Phishing remains the top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics bypass technical controls by targeting the people behind them directly, so a well-tuned email gateway alone does not close the gap.
“The enduring dominance of phishing as an initial access technique underscores its effectiveness and persistence in the face of cybersecurity advancements and more sophisticated methodologies,” the researchers write.
“Its success lies in its simplicity and its ability to exploit the weakest link in security systems: humans. Employees across many organizations are likely still failing to recognize phishing emails, allowing attackers to progress their attacks in this way.”
In 7.5% of attacks between May and July 2024, the researchers observed attackers using internal spear phishing to target employees.
“An email originating from an internal account is less likely to be caught by email filtering rules than those coming from impersonating domains,” ReliaQuest says. “Other users within the network are also more likely to interact with an email sent by an internal user account than those coming from external parties, something attackers conducting business email compromise (BEC) capitalize on.
Both factors increase the attacker’s chances of successfully compromising more accounts across the network. Internal spear-phishing attacks also often target users with high privilege levels, allowing attackers to escalate their privileges and gain greater control over a network to action their objectives.”
Notably, ReliaQuest observed many attackers attempting to trick users into installing malware that impersonated PDF-related software.
“In the customer true-positive incidents that we analyzed, the malicious files that attackers were attempting to deploy on customer networks were consistently disguised as PDF documents or online PDF generator tools,” the researchers write.
“While malicious attachments can be blocked or quarantined by security tools to prevent execution within a network, these approaches do not address the risk of installing unverified tools, such as those used to create PDF files, on a device. Users should also be educated that installing such tools can lead to malware execution, which can have harmful effects for businesses, such as data theft, encryption, or account takeovers.”
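The lure ReliaQuest describes has two shapes: a file that claims to be a PDF but is not, and an executable that sells itself as a PDF tool. Both leave simple, checkable traces before anything runs. The following is an added triage check written for this article; it is not ReliaQuest's or KnowBe4's code. The filenames, header bytes and the short list of "PDF-themed" keywords are constructed for illustration, and the keyword match is a heuristic for analyst triage, not a block rule.

```python
# Added example (not ReliaQuest's or KnowBe4's code): triage for attachments
# that claim to be PDFs.  Sample names, header bytes and the PDF_THEMED keyword
# list are constructed for illustration.
from dataclasses import dataclass

PDF_MAGIC = b"%PDF-"            # every real PDF starts with this header
PE_MAGIC = b"MZ"                # Windows executables (EXE, DLL, SCR) start with MZ
RLO = "\u202e"                  # RIGHT-TO-LEFT OVERRIDE, used to visually reverse "exe.pdf"
EXEC_EXTENSIONS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
PDF_THEMED = ("pdf", "acrobat", "reader")   # heuristic: installer names that sell a PDF tool


@dataclass
class Verdict:
    suspicious: bool
    reason: str


def classify_attachment(name: str, head: bytes) -> Verdict:
    """Decide whether an attachment presented as a PDF should be triaged.

    `name` is the filename as shown to the user, `head` the first bytes of
    the file.  Checks run from cheapest to most specific.
    """
    # 0. A right-to-left override in the name exists only to mislead the eye.
    if RLO in name:
        return Verdict(True, f"RTLO character in filename {name!r}")

    lower = name.lower()
    dotted = lower.split(".")
    ext = "." + dotted[-1] if len(dotted) > 1 else ""
    stem = lower[: len(lower) - len(ext)] if ext else lower

    # 1. Double extension such as "invoice.pdf.exe": the visible part says
    #    PDF, the extension that Windows acts on is executable.
    if ext in EXEC_EXTENSIONS and stem.endswith(".pdf"):
        return Verdict(True, f"double extension {name!r}: executable disguised as PDF")

    # 2. Name says .pdf; let the bytes decide, not the extension.
    if ext == ".pdf":
        if head.startswith(PDF_MAGIC):
            return Verdict(False, "PDF header matches .pdf extension")
        if head.startswith(PE_MAGIC):
            return Verdict(True, "PE executable carrying a .pdf extension")
        return Verdict(True, "no %PDF- header behind .pdf extension")

    # 3. Executable or installer whose name advertises a PDF tool, the
    #    "online PDF generator" lure ReliaQuest saw in its incidents.
    if ext in EXEC_EXTENSIONS and any(k in stem for k in PDF_THEMED):
        return Verdict(True, f"PDF-themed installer {name!r}: unverified tool")

    if ext in EXEC_EXTENSIONS:
        return Verdict(True, f"executable attachment {name!r}")
    return Verdict(False, "no PDF-disguise indicator")


# Constructed samples: (filename, first bytes).  None are real files.
SAMPLES = [
    ("Q2_report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
    ("Q2_report.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("PDFConverterSetup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("doc" + RLO + "fdp.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.txt", b"meeting notes\n"),
]


def triage(samples=SAMPLES) -> list[tuple[str, Verdict]]:
    """Run the classifier over a batch and return (name, verdict) pairs."""
    return [(name, classify_attachment(name, head)) for name, head in samples]


if __name__ == "__main__":
    for name, verdict in triage():
        flag = "SUSPICIOUS" if verdict.suspicious else "ok        "
        print(f"{flag}  {name!r:32} {verdict.reason}")
```

The check deliberately trusts the header bytes over the extension: a gateway rule that keys only on `.pdf` is exactly what the double-extension and RTLO tricks are built to pass. It does not replace execution control; it is the cheap first pass that tells an analyst which "PDF" deserves a sandbox run.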
ReliaQuest has the story.