How to Protect Against Evolving Phishing Attacks – National Security Agency

Official websites use .gov
Secure .gov websites use HTTPS

FORT MEADE, Md. – The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them.
 
The Cybersecurity Information Sheet (CSI) “Phishing Guidance: Stopping the Attack Cycle at Phase One” outlines tailored cybersecurity controls for Information Technology (IT) departments to reduce phishing attacks, also known as electronically delivered social engineering. The Cybersecurity and Infrastructure Security Agency (CISA), NSA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) co-authored the CSI.
 
“Knowing how to navigate phishing danger is essential because anyone can fall victim to these attacks,” said Eric Chudow, NSA’s Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert. “Cyber threat actors are constantly evolving their techniques and harnessing new technologies to their advantage, including artificial intelligence. They are also finding it easier to deceive people who have transitioned to hybrid work environments and have fewer-face-to-face interactions.”
 
Cyber actors employ a wide range of technologies and platforms to conduct phishing attacks. Common vectors include short messaging system (SMS) text messages and chats in platforms such as Slack, Teams, Signal, WhatsApp, iMessage, and Facebook Messenger. Such attacks may lure users into divulging their login credentials or clicking a malicious hyperlink or attachment which then executes malware.
 
The CSI provides detailed mitigations to protect against login credential phishing and malware-based phishing, as well as steps for identifying and remediating successful phishing activity. It lists more than a dozen best practices for IT professionals to follow to avoid their organization being compromised, including phishing-resistant multi-factor authentication (MFA), phishing filters for links and attachments, protective DNS, application allow-lists, and remote browser isolation.
 
Additional guidance in the CSI focuses on software manufacturers implementing secure by design and default tactics and techniques. Software manufacturers should develop and supply software that is secure against the most prevalent phishing threats. The co-authoring agencies urge organizations to hold software manufacturers to a secure-by-design technology standard and build these and other mitigations directly into products to protect users and organizations from phishing’s malicious effects.
 
Read the full report here.
 
Read NSA’s secure-by-design guidance.
 
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721
Civil Liberties, Privacy, & Transparency Office
Diversity, Equity, Inclusion, & Accessibility

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *