Cloudflare Sheds Light on Exploited Phishing Tactics

By Greg Tavarez, TMCnet Editor  |  August 21, 2023

Phishing, a malicious cyber activity that involves tricking individuals into divulging sensitive information by posing as a trustworthy entity, is highly detrimental due to its potential to cause financial losses, identity theft and data breaches. Once attackers gain access to sensitive information, they can exploit it for financial gain or commit other forms of cybercrime.

Successful phishing attempts can also lead to reputational damage for organizations that are impersonated, eroding customer trust and damaging brand credibility. To put in perspective how detrimental phishing can be, business email compromise, or BEC, losses have topped $50 billion, according to the FBI.

There is no question that phishing remains one of the dominant internet crimes, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors.

To back this up, Cloudflare released a report that found malicious links to be the foremost threat category, constituting 35.6% of all detected threats. This prominence underscores the pervasive danger posed by cybercriminals who embed these links within seemingly innocuous emails, messages, or websites, with the intent of deceiving unsuspecting recipients into clicking on them.

Once activated, these links facilitate a cascade of actions, from installing malware onto the victim's device and stealing sensitive information to providing unauthorized access to confidential systems.

Some readers might be thinking that the answer is simply not to click on anything that looks suspicious. After all, most people are taught to look out for red flags, from the email to the subject line, for example.

But it is not as simple as that anymore.

Attackers are making themselves look like familiar brands. In fact, according to the report, attackers orchestrated over 1 billion brand impersonation attempts, assuming the guise of more than 1,000 distinct organizations. These malicious actors exploited the trust inherent in well-established brands, with more than half of these impersonation instances focusing on just 20 widely recognized and reputable companies. A few of these companies that were impersonated include Microsoft, Salesforce and Google.

This targeted approach capitalizes on the familiarity individuals have with these brands, increasing the likelihood of recipients falling victim to phishing schemes that mimic legitimate communication channels.

Such an expansive campaign underscores the need for heightened vigilance, stringent cybersecurity protocols and robust awareness campaigns. One solution is the use of email authentication.

Despite the implementation of email authentication measures like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC), the effectiveness of these protocols in completely halting email threats is limited. The report found that almost 90% of unwanted or malicious messages passed these authentication checks. These protocols verify which domain a message was sent from, not whether the sender is benign, so mail sent from a domain the attacker controls or has compromised can pass every check.

While email authentication provides a crucial layer of defense, its inability to entirely mitigate the risk highlights the need for a multi-pronged approach to cybersecurity, encompassing not only technical measures but also user education, continuous monitoring and prompt incident response to address the evolving landscape of email-based threats.

“Phishing is an epidemic that has permeated into the farthest corners of the Internet, preying on trust and victimizing everyone from CEOs to government officials to the everyday consumer,” said Matthew Prince, CEO at Cloudflare. “Email messages and malicious links are nefarious partners in crime when it comes to the most common form of Internet threats. Organizations of all sizes need a Zero Trust solution that encompasses email security - when this is neglected, they are leaving themselves exposed to the largest vector in today's threat landscape.”

The concept of zero trust can provide a substantial boost to cybersecurity efforts in addressing the challenges posed by phishing, brand impersonation and email authentication bypass. By implementing a "never trust, always verify" approach, zero trust emphasizes strict access controls and continuous monitoring. This mitigates the risks associated with successful phishing attempts and brand impersonation, while also enhancing the effectiveness of existing email authentication measures.

Zero trust principles offer a proactive and adaptable strategy to counter email-based threats, though complete protection remains a collaborative effort involving multiple security layers.

Edited by Alex Passett