The rise in spear-phishing as a means to deliver potentially devastating malware to businesses has been one of the more troubling trends in cyber-security over the past year. And it’s a trend that looks likely to continue, although, as experience tells us, these types of threats tend not to stand still, ever evolving to maintain their capability to cause chaos.
While it’s impossible to know the exact nature of this evolution, we can make some educated predictions based on past activity and current trends, allowing us to peer into the crystal ball of internet security.
In a sense this is a prediction based upon things we’re already seeing. For while the overwhelming current route for phishing attacks remains email, there’s been an alarming increase in the use of social media as a new platform of attack. Indeed, through 2016 there was a 150% increase in phishing activity on social media.
Known as angler phishing, it involves hackers creating fraudulent social media accounts, posing as well-known brands, often banks, in order to gain access to user accounts, financial information, or sensitive data. It’s a baiting tactic that’s been used on Facebook and, in particular, Twitter – such as recent examples involving a fake Barclays customer service account hijacking conversations with the lure of assistance.
With as many as 2.6 billion of us expected to be on social media by 2018, and with its increasing importance in corporate marketing and communications, expect this to be a growing threat in the year to come.
One of the ways in which old-style phishing morphed into the spear-phishing threat that’s been so damaging in the last year or two was in the migration towards more innocuous-looking messages: emails that look as though they’ve been sent via an official channel, such as an invoice, CV or receipt of payment, the kinds of things you’d likely encounter within a daily inbox.
It’s a tactic that can be readily deployed in the SMS / text message arena.
Hackers and spreaders of online malevolence are ever seeking vulnerabilities in a network, and text messaging offers such a vulnerability. Pretending to be someone they are not is easily achievable, and this is a potential problem for businesses. With bring your own device policies having greater prominence in the workplace, the threat to business networks via harmful phishing texts could prove an increasing concern.
Phishing as a Service
This is a worrying, somewhat sinister prospect for the future of phishing, although not wholly surprising. As spear-phishing continues to deliver rich pickings for cyber-criminals, so the demand for reliable tools to carry out such attacks is going to grow.
It’s already possible for wannabe hackers to find Phishing as a Service (PhaaS) on the black market or so-called dark web: ready-made tool kits that make it easier and cheaper to launch ransomware or data theft attacks for those wishing to do so.
The concern, moving into 2017, is that such tools become more readily available, increasing the already high threat.
Spear-phishing has hit hard in the past year, with even the US Secretary of Homeland Security admitting it’s the main threat to global online security. It suggests that the threat won’t be going away anytime soon, with the need for vigilance greater than ever. But, like all cyber-threats, it’s a problem that won’t remain constant. It will continue to evolve and to probe new areas of weakness, as it continues to wreak havoc on those who are ensnared.
That means a continued need for our security measures to grow and evolve to meet the ever-changing threats.