New Spear-Phishing Attacks Target Organizations with Malicious RDP Files

The US government’s cybersecurity agency, CISA, has warned of a new threat to organizations, highlighting the dangers of spear-phishing attacks. These targeted attacks single out specific individuals and companies, making them harder to detect than generic phishing emails.

According to IBM, spear phishing is an effective form of phishing that cybercriminals tailor to be as convincing as possible to their targets. Despite accounting for less than 0.1% of sent emails, spear phishing has led to 66% of successful breaches.

CISA reports that a foreign threat actor is using malicious remote desktop protocol (RDP) files in spear-phishing attacks to gain access to targeted organizations’ networks. This allows the attackers to tunnel into the network via one desktop or deploy malicious code for persistent access.

To boost security and fend off these attacks, CISA has issued a top-ten list of measures, including:

1. Restricting outbound RDP connections
2. Blocking RDP files in communication platforms
3. Preventing execution of RDP files
4. Enabling multi-factor authentication (MFA)
5. Adopting phishing-resistant authentication methods
6. Implementing conditional access policies
7. Deploying endpoint detection and response (EDR)
8. Considering additional security solutions
9. Conducting user education
10. Hunting for activity using referenced indicators and tactics, techniques, and procedures
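
As an illustration of measure 2, here is a mail-gateway style check that flags RDP files attached to a message, by extension or by content when the file has been renamed. This is an added example, not code from CISA or the article; the function names are hypothetical, the sample messages are constructed, and it assumes the gateway hands the check the raw message bytes.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# .rdp settings are "name:type:value" lines; "full address" names the remote host.
FULL_ADDRESS = re.compile(r"^\s*full address:s:(\S+)", re.I | re.M)

def decode_rdp(payload: bytes) -> str:
    # Files saved by the Windows client are UTF-16 with a BOM; others are ASCII/UTF-8.
    if payload[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return payload.decode("utf-16", errors="replace")
    return payload.decode("utf-8", errors="replace")

def find_rdp_attachments(raw: bytes) -> list:
    """Return one finding per MIME part that is an .rdp file by name or by content."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        match = FULL_ADDRESS.search(decode_rdp(payload[:65536]))
        # Trailing dots/spaces are stripped so "x.rdp." is still caught.
        by_name = name.lower().rstrip(". ").endswith(".rdp")
        if by_name or match:
            findings.append({"filename": name, "by_name": by_name,
                             "remote_host": match.group(1) if match else None})
    return findings

def build_sample(filename: str, body: bytes) -> bytes:
    # Constructed message for demonstration only; addresses use example.com.
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Files"
    msg.set_content("See attached.")
    msg.add_attachment(body, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    rdp = "full address:s:rdp.example.net\r\nredirectclipboard:i:1\r\n".encode("utf-16")
    for fname, body in [("invoice.rdp", rdp), ("notes.txt", b"full address:s:203.0.113.10\n"),
                        ("report.pdf", b"%PDF-1.7 constructed")]:
        print(fname, find_rdp_attachments(build_sample(fname, body)))
```

A finding with `by_name` set to false means the attachment carries RDP settings under another extension, which is worth logging separately from a plain extension hit.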

The key points include enabling MFA, although CISA advises users to avoid SMS-based MFA whenever possible due to the risk of SIM-jacking attacks. Instead, organizations should use software authenticators or passkeys, which provide the security of a physical key without the hassle.

As with other cybersecurity warnings, any form of MFA is better than none, but using stronger alternatives like software authenticators is recommended. This provides the security of a physical key without the inconvenience of relying on SMS-based MFA.

Source: https://www.forbes.com/sites/zakdoffman/2024/11/03/new-microsoft-windows-attacks-stop-doing-this-now-us-government-warns-users