Kyaw_Myo_Oo
Contributor III

Phishing Guidance: Stopping the Attack Cycle at Phase One

Dear All,

This guide was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. Phishing Guidance: Stopping the Attack Cycle at Phase One contains guidance for network defenders, applicable to all organizations, and for software manufacturers that focuses on secure-by-design and -default tactics and techniques. Additionally, the guide contains a section tailored for small and medium-sized businesses to aid in protecting their cyber resources from evolving phishing threats.

 

https://www.cisa.gov/resources-tools/resources/phishing-guidance-stopping-attack-cycle-phase-one

https://www.cisa.gov/sites/default/files/2023-10/Phishing%20Guidance%20-%20Stopping%20the%20Attack%2...

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP
2 Replies
JoePete
Advocate I

Unless I missed it, I am a bit disappointed that this guidance does not address reading email in plaintext vs. HTML. Reading in plaintext easily mitigates many email-borne attacks, including phishing. At the very least, treat all external email as plaintext.

Kyaw_Myo_Oo
Contributor III

Hi @JoePete,

Interesting points of view. Thanks for sharing your thoughts and views.

Kyaw Myo Oo
Manager, CB BANK PCL
CCIE #58769 | PCNSE | SAA-C03 | CCSM | CISSP | PMP