
A game of cat and mouse
Dan Green, author of the Push Security report, told CSO in an email that email isn’t the only way BITB attacks are spreading. In the past several months, his firm has seen LinkedIn Messenger and Google Search being used as well.
“We would encourage security teams to re-evaluate how they approach phishing detection,” he said. “[Phishing] is becoming increasingly sophisticated, it’s no longer just an email problem, and the risks are significant. A compromised enterprise cloud account (for example, Microsoft or Google Workspace) is effectively the key to everything you access in the course of the modern workday. This isn’t just the direct access to your enterprise cloud suite, but the downstream application access via SSO (single sign-on) that can be hijacked by the attacker. Most breaches start with compromised identities today, compared with software exploits or malware execution.”
Roger Grimes, data-driven defense CISO advisor at security awareness training provider KnowBe4, noted that browser vendors have worked for decades to prevent malicious popup boxes from appearing because they are so tricky. However, he added, criminals keep figuring out ways to bypass the protections.
