4. Phishing in 2020. An example of an attack and an overview of solutions in the world

As the final article in the “Fighting Phishing” series for the outgoing year 2020, I would like to sum up and talk about the popular solutions as rated by the world community. For those who skipped the previous parts, the materials written earlier are listed below:

  1. User training in the basics of information security. Fight against phishing.

  2. User training in the basics of information security. Phishman.

  3. Information security education and training. Antiphishing.

Field summary

The year 2020 saw an increase in online sales due to the COVID-19 pandemic, which in turn triggered a new wave of scammers using phishing attacks for illegal gain.

For example, the vendor Check Point reports in one of its reports that in November 2020 alone the number of phishing campaigns increased more than 2.5 times compared with October 2020.

Of course, this is tied to global sales events such as Black Friday, Cyber Monday, etc. Let’s take a closer look at one of the phishing campaigns.

Analysis of the attack

Email subject: Cyber Monday | Only 24 Hours Left!

Sender: Pandora Jewelery (no-reply @ amazon.com)

Content:

At first glance we received a legitimate newsletter inviting us to shop for jewelry on the Pandora website. But we notice discrepancies:

  • The mailing arrives from an Amazon domain rather than Pandora’s: a sign of sender spoofing.

  • A spelling error in the word “Jewelery” in the subject line (note: the correct spelling is “jewelry”).

  • If you follow the link in the email, the URL www[.]wellpand[.]com opens. The site itself was registered in autumn 2020 and mimics the content of the original Pandora site.

This mass phishing attack targeted users in the United States, England and Bulgaria, but in general this approach is used worldwide. What steps can you take to make sure your New Year shopping doesn’t end in fraud?

  1. Free cheese only comes in a mousetrap. When buying a product, evaluate its price objectively: if, for example, you are offered a new iPhone at an 80% discount, it is most likely a scam.

  2. Don’t reuse credentials. Many users register everywhere with the same username and password; if an attacker obtains your authentication data, he gains access to all your services.

  3. Be careful when you receive a password reset email. This approach is actively used to steal your personal data (login, password). If you need to change a password, do it directly on the site itself, because the link in the received letter can redirect you to a fake resource.

  4. Social engineering matters. Pay attention to the writing style of the received letter (syntax and spelling errors, etc.).

  5. HTTPS is our everything. When you visit different resources, pay attention to the protocol they use. Today more than 80% of sites have switched to an encrypted connection (HTTPS); if you are asked to enter your bank card details and the authorization site uses HTTP, that is the first signal not to enter anything and to leave the resource.

We reviewed a current phishing campaign on the eve of the holidays and gave general recommendations for preventing such attacks, but the best approach is to educate users in IT literacy so as to raise their competence in confronting cybercriminals.
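The indicators from the attack analysis above (brand in the sender name versus the actual sender domain, a link to an unrelated domain, a misspelling) and the plain-HTTP rule from tip 5 can be checked mechanically on an incoming message. The following is an added example, not code from the original post: it parses a constructed message modelled on the Pandora/Amazon lure and reports each indicator it finds. The brand allow-list and the misspelling list are assumptions for illustration.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample modelled on the campaign described in the post; not the real message.
SAMPLE_EML = b"""From: Pandora Jewelery <no-reply@amazon.com>
Subject: Cyber Monday | Only 24 Hours Left!
Content-Type: text/html; charset=utf-8

<html><body><p>Shop the Pandora sale now!</p>
<a href="http://www.wellpand.com/sale">Shop now</a></body></html>
"""
# Assumed allow-list: brand name as it appears in lures -> domains it legitimately mails from.
BRAND_DOMAINS = {"pandora": {"pandora.net"}, "amazon": {"amazon.com"}}
# Assumed misspelling list; "jewelery" for "jewelry" is the one the post points out.
SUSPICIOUS_WORDS = {"jewelery"}

def host_matches(host, domains):
    """True if host equals one of domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw):
    """Parse a raw RFC 5322 message and return (code, detail) pairs for each indicator found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = msg["from"].addresses[0]
    display_name, sender_domain = sender.display_name.lower(), sender.domain.lower()
    subject = str(msg["subject"] or "").lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    findings = []
    # 1. Display name or subject names a brand that the sender domain does not belong to.
    claimed = [b for b in BRAND_DOMAINS if b in display_name or b in subject]
    for brand in claimed:
        if not host_matches(sender_domain, BRAND_DOMAINS[brand]):
            findings.append(("sender-brand-mismatch", f"{brand} lure sent from {sender_domain}"))
    # 2. Links whose host matches neither the sender nor a claimed brand, and plain-HTTP links.
    allowed = {sender_domain}.union(*(BRAND_DOMAINS[b] for b in claimed))
    for url in re.findall(r'href=["\']([^"\']+)', html, flags=re.I):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host and not host_matches(host, allowed):
            findings.append(("link-foreign-domain", host))
        if parsed.scheme.lower() == "http":
            findings.append(("link-plain-http", url))
    # 3. Misspellings of the kind the post notes, in the sender name or subject.
    for word in SUSPICIOUS_WORDS:
        if word in display_name or word in subject:
            findings.append(("misspelling", word))
    return findings
```

Running `phishing_indicators(SAMPLE_EML)` yields all four indicators for the constructed lure; a genuine Amazon order mail linking to an HTTPS page on amazon.com yields none.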

Solution overview

Earlier we introduced some of the products in the “Security Awareness Computer-Based Training” category, including the open-source solution GoPhish and the domestic products Phishman and Antiphishing. It’s time to turn to the well-known Gartner and briefly get acquainted with the top 5 (for this article, the Europe, Middle East and Africa region was selected, positions 1 to 5).

KnowBe4

A platform containing a large library of various tests for your employees: interactive modules, videos, templates for training phishing attacks, etc.

After registering, you get access to a personal account where you can run a number of free tests.

Running one of the tests

1) Test selection

2) Configuring a training phishing campaign

3) Choosing a template for mailing

5) Setting up a page for redirecting “victims”

6) Dashboard and statistics collection

Overall impression:

In just 5 minutes a phishing campaign is ready for you to deploy; no additional installation is required, and all management is done through a browser. Thanks to the community, tests are constantly updated, and there are paid options. KnowBe4 has established itself as a convenient and modern platform for training your staff; at the very least you should familiarize yourself with its capabilities.

Kaspersky-Cybersecurity Awareness Training

A paid product from a company well known to the Russian public, Kaspersky Lab.

It differs from other solutions in that the training is aimed at IT specialists themselves and covers:

  • Digital forensics. Building and improving practical skills in searching for digital evidence of cybercrime and analyzing various types of data to reconstruct the history of attacks and determine their sources.

  • Malware analysis. Training IT security professionals to analyze malware, find indicators of compromise (IoCs), create signatures to detect malware on infected computers, and recover infected and encrypted files.

  • Incident response.

  • Effective threat detection with YARA (prepared rules and correlation of facts to identify security events).

Overall impression:

This platform will allow your employees to learn how to resist the most relevant and modern types of attacks. The solution requires a certain level of preparation and IT skills, including information security. It is actively used by large companies (banks, industry, etc.).

OutThink Human Risk Management Platform (SaaS)

A paid product that positions itself as the result of long-term research at the Information Security Group (ISG), Royal Holloway, University of London. The company’s experts have over 100 years of experience in information security, human behaviour science, psychology and data science.

Overall impression:

We were unable to test it within the scope of this article: you need to request a demo and wait for a response from the vendor. You can always do so yourself via the link; the system is deployed in the cloud (SaaS).

Infosec IQ

A paid solution from the European company LX Labs, offering over 700 resources for staff training, over 1000 templates for simulated phishing messages and a user-friendly interface.

Overall impression:

“Simple, scalable and efficient” is how one customer reviews the product on the Gartner website. On the technical side, there is convenient integration with Active Directory (AD), simple launching of phishing campaigns, and a quick jump to statistics through a control button in Outlook. If you are interested in the solution, you can request a demo from the vendor via the link.

Keepnet Labs

The vendor of the same name offers various information security solutions:

  • Incident Responder. Allows users to submit suspicious email messages for verification, after which they can be blocked permanently.

  • Email Threat Simulator. Lets you periodically check your infrastructure (firewall, antispam, antivirus, etc.) for configuration weaknesses that would let phishing attacks through.

  • Threat Intelligence. A smart engine constantly examines sites for hacks or information leaks in order to identify compromise of your corporate data.

  • Phishing Simulator. A product responsible for sending educational phishing attacks, with the ability to track statistics, send users for training, and so on.

  • Awareness Educator. A learning portal that can be integrated into the Phishing Simulator.

  • Threat Sharing. Within this solution, companies can establish a trust relationship and exchange data according to defined rules, with secure delivery.

The company has prepared its own report on phishing trends for 2020; anyone interested can read it via the link.

Overall impression:

There are quite a few interesting solutions for fighting phishing and protecting corporate data, including in-house developments for preventing various attack vectors, as well as the potential to organize a centralized DLP system combined with employee training.

Instead of a conclusion

Today we looked at one classic holiday example of a phishing attack and briefly met the world leaders in Security Awareness Computer-Based Training. A poll on the product you like will be launched under the post; perhaps we will make a full review of it. You can read about and test the solutions (GoPhish, Phishman and Antiphishing) by contacting us by mail.