Subscribe
About

Focus on detection, response and remediation

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 01 Sep 2020

The cyber security landscape is evolving at a rapid pace, and nowhere is this more true than when it comes to the phishing threats.

“Phishing remains the most dynamic threat type that organisations across the board have to face,” says David Walsh, Cofense regional sales director for META. “As such, organisations have to accept two realities. One, that despite increasing investments in perimeter controls such as secure e-mail gateways, large volumes of malicious e-mails are finding their way to end user inboxes. Two, for all the user awareness programs in place, there will always be some users that will click, and increase the risk of significant compromise or data breach.”

Speaking of what he sees as being a strong trend going forward, Walsh says threat actors will become increasingly sophisticated, spending an even greater amount of time researching and understanding their targets prior to launching an attack.

According to Walsh, this was demonstrated by the Russian group Cosmic Lynx’s business email compromise (BEC) campaigns, showing that even when it comes to attacks as simple as BEC, threat actors will pivot their tactics and techniques dependent upon the target, and their controls.

In addition, he says growing numbers of ransomware families will add capabilities to exfiltrate data to provide additional leverage to extort payment from their victims. “Most recently, Avaddon ransomware has been observed being deployed in conjunction with Raccoon Stealer to deliver data-exfiltration capabilities.”

In terms of how he sees the threat landscape evolving in the future, he says although it’s hard to even predict how it is going to evolve over the next few months, one thing is clear, and that is that threat actors will continue to stick with the approaches that work best for them, and evolve when they’re sufficiently frustrated, or new tactics and techniques are identified.

“They will still focus on ensuring threats are delivered to user inboxes. After all, once they manage that, the end user does the rest,” he adds.

Offering a piece of advice for today’s organisations, Walsh says: “Focus on detection, response and remediation. So much focus, and investment, is placed towards prevention. Organisations need to accept what has been said for some time – bad will get in.”

Therefore, it’s imperative that to detect that bad, and quickly. “In phishing defence, your end users are key here, they are not the problem. Develop and promote a culture of reporting, create a network of human sensors that can give you visibility of the bad stuff that has evaded your controls, and equip your security teams with the means to respond to it,” he ends.

Cofense was a gold sponsor of ITWeb Security Summit 2020, held as a virtual event from 25 to 28 August.

Share