George Mellor - KloudReadiness, LLC
Phishing on a Cloudy Day
Cybercriminals continue to accelerate their abuse of our most trusted and popular cloud applications as a launch point for phishing exploits and malware delivery.
Hiding behind trusted domains, valid certificates, and the practice of allowing popular applications to bypass inline defenses only increases the odds that the attackers will succeed in enticing end-users to click on a link that opens up your organization to a world of hurt.
Cloud application credentials remain a top target for phishing campaigns, with 36% of campaigns targeting cloud application credentials. As a wily and cunning bunch, attackers continue to develop creative ways to launch phishing campaigns. While most phishing campaigns are still launched using traditional websites, many cybercriminals have begun using cloud applications to host their phishing hooks. Cloud application phishing hooks often help make a phishing attack look more convincing and bypass traditional phishing detection software.
As we all know, the attack surface has increased dramatically as many organizations have accelerated their usage of cloud applications to support remote workers who require access to key resources from anywhere, at any time, on any device.
Phishing with a Skilled Guide
Phishing expeditions look to take advantage of humans who are vulnerable to the many ways skilled cybercriminals can trick or cajole the unsuspecting.
However, with the proper level of awareness, consistent cybersecurity training, and a superior toolset that leverages technology and best practices - organizations can significantly reduce their human attack surface and turn their users into defenders.
Most organizations need help and should look for a skilled guide to join them on their journey. Providers such as Symbol Security have created an automated SaaS platform that delivers phishing simulation templates, data-driven intelligence, and sophisticated spoofing tools to place employees in realistic situations to test their ability and resolve to spoil malicious phishing attacks.
So, look to arm your employees with the skills and tools needed to ensure they don’t fall victim to a cybercriminal looking to set their phishing hook deep into the underbelly of your organization.
Remember, well-trained people, who are constantly reminded and tested on their preparedness are your best defense in reducing or eliminating the threat of a successful phishing attack.
Note: Thanks to netskope’s Cloud & Threat Report – February 2021 for providing the catalyst to pen this post…