A new report from Microsoft found that phishing attacks increased 250% over the course of 2018. According to Microsoft’s Security Intelligence Report(SIR) volume 24, attackers have shifted tactics and are now targeting multiple points of attacks within one campaign.
Malicious actors continue to find success using new tactics, like transitioning from URLs, domains and servers to dispersing emails and hosting phishing forms. The most recent SIR noted that by adopting both hosted servers and public cloud tools, attackers were able to more easily disguise themselves so that they appeared to be legitimate services or products.
he report evidences the challenges that CISOs and many vendor CTOs have when it comes to understanding the wide range of attack methods and techniques available to hackers.
Threat actors are becoming more innovate, finding new ways to escape detection by checking for known anti-malware solutions, persisting despite a browser reboot, stealing device information like IPs and switching infection tactics when they’ve been discovered
Unfortunately, phishing exploitation relies more on human psychology than technology, thus it is much harder to establish countermeasures. While technological countermeasures have advanced significantly against malware, DoS, applications, systems, etc., phishing countermeasure is lag behind. No matter how good those awareness training may be, you just cannot constantly hold users' hands.