Microsoft Catches The Spear Phishing Attacks On Time, Shares Important Tips On How To Avoid Them

Microsoft has some bad news: the company has announced that the latest spear phishing attacks by threat actors carry some severe dangers.

Because these attacks are aimed at specific individuals, a victim's system may be infected with malware, the attackers may harvest sensitive information, and they now also have convincing techniques for getting victims to make fraudulent payments.

Phishing campaigns are not new. The problem is that they keep getting better with time, so they can eventually surprise and rob anyone. You might have seen phishing campaigns run as a shotgun spray to trap as many targets as possible, but spear phishing attacks focus on a specific target or individuals, which is why they are also termed ‘laser’ phishing.

Because these attacks are so focused, even tech-savvy executives and many senior managers have fallen into the trap of handing over money and important files via email.

To give a fair idea of how this actually happens, Redmond's Cybersecurity Field CTO Diana Kelley and Cybersecurity Solutions Group Senior Manager Seema Kathuria have shed light on how attackers proceed, from preparing spear phishing attacks to running them.

To start such a campaign, the threat actors first carry out reconnaissance to find potential targets within the selected organisations. Then comes a sender who tricks the potential victims in such a way that they feel pushed to act first and think later.

As soon as the phishing attack succeeds, that is, when the victim acts on the bait, the attackers extract the data they are looking for or perform malicious actions to feed malware into the victim’s system.

The payout depends on the number of victims a phishing campaign targets, and threat actors can also get money for the effort of trapping a single carefully selected target.

If you want to protect yourself from phishing attacks by detecting and blocking them, Microsoft says there are certain measures that companies and their employees can take to reduce the risk.


The trick revolves around training and educating workers on how to detect phishing messages. For that, you need to tell your employees about the signs of a phishing email, which are:
  1. A sender’s address that does not match the sender’s identity
  2. Writing that induces a sense of urgency
  3. A request to break procedures that are established and working well
  4. Wording that is not consistent with your company’s usual terminology
Apart from that, you should also encourage your employees to communicate with others in the company, especially the security team, whenever they receive a suspicious email of this sort.
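
The first two signs in the list above can also be checked mechanically when the security team triages a reported message. The Python sketch below is an added example, not Microsoft's tooling or code from the article; the trusted domains, protected names, urgency word list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: the organisation's own mail domains, the names an
# attacker is likely to impersonate, and a small urgency word list.
TRUSTED_DOMAINS = {"contoso.example"}
PROTECTED_NAMES = {"contoso", "dana smith"}
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|today)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def phishing_signs(raw_message):
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    signs = []
    # Sign 1: the display name claims an identity the address does not back up.
    if any(n in display.lower() for n in PROTECTED_NAMES) and from_dom not in TRUSTED_DOMAINS:
        signs.append("display-name-mismatch")
    # Sign 1 (variant): replies are routed to a different domain than the sender's.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        signs.append("reply-to-mismatch")
    # Sign 2: wording that pushes the reader to act before thinking.
    body = "" if msg.is_multipart() else msg.get_payload()
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgency")
    return signs

# Constructed sample messages (not taken from any real campaign).
PHISH = ('From: "Dana Smith" <dana.smith@c0ntoso-mail.example>\n'
         'Reply-To: dana.smith@freemail.example\n'
         'Subject: URGENT: wire transfer needed\n'
         '\n'
         'Please pay the attached invoice immediately.\n')
LEGIT = ('From: "Dana Smith" <dana.smith@contoso.example>\n'
         'Subject: Q3 budget review notes\n'
         '\n'
         'Notes from the meeting are attached.\n')

if __name__ == "__main__":
    print(phishing_signs(PHISH), phishing_signs(LEGIT))
```

Signs 3 and 4 depend on knowing the company's procedures and terminology, so they stay with the trained reader; a hit from this script is a reason to look closer, not a verdict.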

Moreover, you should make multi-factor authentication mandatory within your organisation, as it's the best way to block spear phishers once they succeed in accessing a victim’s system. This limits the damage an intruder can do.

According to July reports from Microsoft’s Defender ATP Research team, around 100 organisations had already been targeted by a large-scale series of spear phishing attacks, and the malspam emails distributed LokiBot information-stealer malware payloads.

For extra protection, the company is also planning to roll out an enhanced notification system for phishing messages that would help all admins in the Microsoft 365 environment. Another feature, named ‘Unverified Sender’, will make it simpler for users to detect phishing emails in Outlook.
