The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has introduced an all-encompassing guide bearing the title “Phishing Strategies: Disrupting the Attack Cycle.” This guide is intended to serve as a valuable resource for organizations seeking to reduce the likelihood and impact of successful phishing attacks.

Phishing, a form of social engineering, is frequently utilized by malicious actors to trick their targets into visiting fraudulent websites or downloading malware. To offer a clearer understanding of this threat, the guide categorizes phishing into two prevalent tactics: phishing for login credentials and phishing for malware deployment. It further delves into these tactics by elucidating the techniques commonly employed by these actors. These techniques include impersonating supervisors or trusted colleagues, using Voice over Internet Protocol (VoIP) to spoof caller identification, and utilizing publicly available tools to facilitate spear phishing campaigns.

Sandy Radesky, Associate Director for Vulnerability Management at CISA, emphasized the need for organizations to move beyond the traditional advice of avoiding clicking on malicious emails. Radesky stated, “We know that this advice is not sufficient. Organizations should put in place essential safeguards to diminish the chances of a harmful breach occurring when a user engages with a phishing campaign, a scenario that, as we are aware, is common in virtually every organization.” The guide aims to provide practical, actionable steps to diminish the effectiveness of phishing as an initial access vector. It also underscores the potential for technology vendors to implement many of these controls, thereby reducing the burden on organizations and bolstering security at scale.

Eric Chudow, NSA’s Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert, stressed the importance of understanding how to navigate phishing dangers, particularly in an era where cyber threat actors are continually evolving their techniques and harnessing new technologies to deceive individuals.

Bryan Vorndran, Assistant Director of the FBI’s Cyber Division, emphasized the collaborative nature of cybersecurity and the need to equip organizations with the tools to combat malicious actors effectively.

John Gilligan, CEO of CIS, highlighted the enduring success of phishing as a method for gaining unauthorized access to state and local government networks. He emphasized the importance of organizations and their employees in recognizing and averting phishing threats.

This joint phishing guide serves as a comprehensive resource designed to help all organizations protect their systems from phishing threats. It is not limited to a particular business size and encourages review by all, from small and medium-sized enterprises to software manufacturers. By familiarizing themselves with evolving phishing techniques and implementing tailored cybersecurity controls and best practices, organizations can significantly reduce their vulnerability to compromise.

In an era where cyber threats continue to evolve and grow in sophistication, the guidance provided in this comprehensive document offers a valuable roadmap for enhancing organizational security against phishing attacks.
