On Wednesday, CISA, in coordination with the NSA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), published “Phishing Guidance: Stopping the Attack Cycle at Phase One” to help organizations prevent phishing attacks.
As expected, the guidance covers the social engineering tactics used to harvest login credentials, as well as malware delivered through phishing emails. The agencies provide a long list of suggested mitigations, including strong email controls and firewall rules, while encouraging user training around social engineering and phishing.
While the guidance applies to all organizations, it also includes a section of tailored recommendations for small- and medium-sized businesses that lack dedicated network defenders or have limited resources.
“When we see news of compromises that stem from phishing, it’s all too easy to blame the victim organization for not having implemented all the mitigations that would have stopped the attack. With the benefit of 20/20 hindsight it’s easy to see what went wrong. But the ease of compromises cannot be solely blamed on the defenders. We need to have a more robust industry-wide conversation about the products that are delivered to customers in a state that not only makes these attacks possible, but in many cases, inevitable,” said CISA Senior Technical Advisor Bob Lord.
Emily Phelps, Director at Cyware, had this comment:
“Even the most sophisticated technology platforms and tools are not immune to the age-old tactics of phishing. This vector remains a popular attack strategy because of its low level of sophistication and high level of effectiveness. While advanced security solutions are imperative for safeguarding an organization’s digital assets, human-centric training is also crucial to address social engineering attacks. The reality is no single mitigation method is foolproof. Organizations and individuals, regardless of their sector or size, must adopt multifactor solutions to reduce the risks of phishing attacks.”
Dave Ratner, CEO of HYAS, follows with this:
“We applaud CISA and the other government agencies for publishing guidelines and strategies to prevent phishing attacks, and we encourage their use, but the best defense always comes from a defense-in-depth approach. Despite improved training, education, and mitigation, phishing attacks will become more sophisticated and sometimes even the most diligent personnel may fall victim or make a mistake. That’s why pairing the education, training, and mitigation with a Protective DNS solution is critical for a more complete and resilient approach, to ensure that the phishing attacks which do get through nonetheless are stopped before they leak credentials or cause damage.”
Craig Harber, Security Evangelist at Open Systems, adds this:
“CISA, the NSA, the FBI and the MS-ISAC did a nice job providing a solid set of recommendations for small-to-medium-sized businesses that were actionable. One thing that I’d have liked to have seen included was a reminder that in today’s world small, medium, and large businesses are integrated together to form an ecosystem to deliver a product or service. There is a greater chance that a smaller supplier adopting a lower standard may result in a potential attack path for the larger economy.”
This is an excellent move by CISA and the other agencies. Every business, big or small, should read this guidance and make sure their employees read it as well, because the best way to stop an attack is to make sure it never starts.
17 Domain Seizures Linked To DPRK IT Workers’ Fraud Scheme Happened This Week
Posted in Commentary with tags Security on October 20, 2023 by itnerd
This is a follow-up to a story that I wrote recently on this topic. This week saw the seizure of 17 website domains allegedly used by North Korean IT workers in a scheme to defraud U.S. and foreign businesses, ultimately funding the DPRK government’s weapons programs:
The United States said on Wednesday it has seized 17 website domains used by North Korean information technology workers in a scheme to allegedly defraud businesses, evade sanctions and fund the development of North Korea’s weapons program.
The seizures took place on Tuesday pursuant to a court order in Missouri, the U.S. Justice Department said in a statement.
The United States has alleged that North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers, in order to generate revenue for its weapons of mass destruction and ballistic missiles programs.
North Korea has “flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program,” the Justice Department said on Wednesday, urging employers to be cautious.
Related to that, there is now additional guidance for US businesses on how to avoid being taken in by North Korean IT workers trying to scam their way into their organizations.
Ken Westin, Field CISO at Panther Labs, had this to say:
“This deals in the realm of insider threat and isn’t something security should be responsible for alone; this type of threat requires collaboration between security and HR. In these cases either someone was not conducting background checks properly or at all, or the North Koreans did a really good job at opsec for these individuals with fake identification and more. Although the funneling of money to North Korea is a concern, I think the larger threat is missed: we had potential North Korean spies in many organizations’ IT infrastructure with access to sensitive data, and one has to wonder if they weren’t also conducting cyber espionage.”
As usual, the North Koreans are up to no good, which means everyone needs to be on the lookout for this scheme, or any other scheme they come up with, as they are clearly a very determined adversary.