Phishing #Heads To The #Cloud

Phishing emails are often used by hackers to gain access to private information. Fortunately, in recent years, organizations and the general public have become more informed about the threat of phishing and how to identify these suspicious emails. Because of this, hackers have refined their techniques and are now launching more advanced cloud-phishing attacks. With these new and potentially more damaging attack methods, companies must rethink their security postures or risk becoming a target for hackers.

Phishing Evolves From A Minor Threat To A Major Threat

Historically, phishing attacks have targeted individuals who were completely unaware of the practice of acquiring credentials via social engineering. In an attempt to extract login credentials or personally identifying information (PII), hackers would pose as retail customer service representatives or government agencies like the IRS. Unfortunately, many phishing targets readily offered personal information to what they believed to be trustworthy parties.

Recently, however, these same traditional phishing methods have been less effective. Average users have become more security conscious, and email providers have made great strides in detecting phishing attacks. Major email service providers now flag suspicious emails based on attachment, text and source domain. Unprompted password-reset emails, a common phishing technique, are now easily detected by smart spam filters and no longer fool as many users as they once did.

These advances in human knowledge and solution capabilities have forced hackers to alter their phishing techniques. Rather than targeting financial or personal information, hackers now seek valid login credentials and full administrative access to accounts and data.

Dissecting A Modern Cloud Phishing Attack

In the summer of 2017, Gmail users experienced a sophisticated mass phishing attack. The attack began with an email that appeared legitimate and directed users to an actual Google web page. From there, unsuspecting individuals were asked to grant access permissions to a malicious third-party application. Once permissions were granted, hackers could view victims’ contacts, read their emails, see their locations and even access files created in G Suite.

In standard phishing schemes, users are typically sent to a spoofed website and asked to enter login information. Interestingly, this attack exploited Google’s implementation of the OAuth protocol that’s used to streamline authentication. With OAuth in place, users can grant third parties access to their personal information without needing to re-enter their login details. These ease-of-use protocols help create a frictionless user experience and require only a single click to grant access to third-party applications. Unfortunately, this also exposes users to the risk of carelessly granting account access to malicious attackers.

Future phishing attacks will continue to target vulnerable users through malicious applications that disguise themselves as popular apps. As techniques for phishing evolve, so will the means of detecting these bad actors.

Prevention Moving Forward

Cloud service providers have already begun to implement security features that can proactively identify phishing attacks. Google recently introduced Advanced Protection for Gmail users that are more likely to be attacked. Even basic features offered by email providers can prove significantly helpful. For example, when users are replying to suspicious emails from outside of their corporate domains, automated warnings can help prevent data leakage. In addition to the above, businesses should implement third-party, advanced capabilities like improved email filtering and malicious URL detection.

By taking advantage of native cloud app security features and third-party solutions, organizations can more effectively combat the next generation of phishing attacks. Beyond these strategies, the biggest weapon against phishing is end-user education. Organizations that ensure employees know how to identify and avoid these new cloud-style attacks will be much more successful in protecting sensitive data.