90% of successful hacks and data breaches start with phishing, and all of them negatively impact organizations [1].
What is Phishing?
Phishing is the process of attempting to acquire sensitive information such as credentials or credit card details by pretending to be a trustworthy entity such as a bank, social media platform, an IT admin, or even a distant great aunt.
How many times a day do users in your organization get an email from your cloud service provider whether it’s to renew the domain registration or a product update or some sort of alert that is set in place? Now, how many times do your users make sure that email is legitimate and coming from the correct source before clicking on any link provided?
Phishing attacks rose 29% in 2021 compared to 2020. In just the first quarter of 2022, the APWG (Anti-Phishing Working Group) Phishing Activity Trends Report observed 1,025,958 total phishing attacks, the worst quarter the group has observed to date. The United States stands as the most targeted country for phishing attacks [2].
Phishing attackers use a range of tactics and techniques to trick users into handing over sensitive information in order to infiltrate internal systems. The two most common phishing channels are email and SMS. Because most MFA codes are still delivered over SMS, a single tap on a malicious link can give an attacker the smartphone access they need to bypass two-factor authentication. That access can include keylogging, where the attacker sees what the user types, taps, or even says on the phone.
Mitigate Phishing in Your AWS Environment
A phishing compromise of an AWS environment can be a costly one, running to many thousands of dollars in damages. A common best practice to mitigate this risk is enabling Multi-Factor Authentication (MFA), especially on the AWS root account, since it holds access to anything and everything within your AWS environment. Because the root account should not be used for everyday work, in addition to protecting it from phishing with MFA you can create alarms that alert whenever the root account is used for any sort of login. Beyond keeping the root account out of daily use, it is important to separate roles with granular permissions so that the compromise of one does not put all your assets in danger.
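The root-account alarm described above is normally built as a CloudWatch Logs metric filter over CloudTrail. The example below is added here and is not code from the original post: it applies that same filter logic in Python to a few constructed CloudTrail records, and additionally flags successful console logins that CloudTrail reports as made without MFA. The account ID, IP addresses and ARNs are made-up sample values.

```python
from typing import Iterable, List, Tuple

# CloudWatch Logs metric-filter pattern for root account usage (the pattern
# used by the CIS AWS Foundations Benchmark). root_used_directly() below
# implements the same three conditions so they can be checked offline.
ROOT_USAGE_FILTER = ('{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
                     '&& $.eventType != "AwsServiceEvent" }')

def root_used_directly(rec: dict) -> bool:
    """True when root credentials were used directly, not by an AWS service acting on root's behalf."""
    ident = rec.get("userIdentity", {})
    return (ident.get("type") == "Root"
            and "invokedBy" not in ident
            and rec.get("eventType") != "AwsServiceEvent")

def console_login_without_mfa(rec: dict) -> bool:
    """True for a successful ConsoleLogin whose additionalEventData.MFAUsed is not 'Yes'."""
    if rec.get("eventName") != "ConsoleLogin":
        return False
    if rec.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return False
    return rec.get("additionalEventData", {}).get("MFAUsed") != "Yes"

def triage(records: Iterable[dict]) -> List[Tuple[str, str, str, str]]:
    """Return (finding, eventName, principal ARN, source IP) for each record that should alarm."""
    findings = []
    for rec in records:
        who = rec.get("userIdentity", {}).get("arn", "?")
        src = rec.get("sourceIPAddress", "?")
        if root_used_directly(rec):
            findings.append(("ROOT_ACTIVITY", rec.get("eventName", "?"), who, src))
        if console_login_without_mfa(rec):
            findings.append(("LOGIN_NO_MFA", rec["eventName"], who, src))
    return findings

# Constructed sample CloudTrail records (sample account 123456789012, RFC 5737 test IPs):
# 1) root console login without MFA, 2) IAM user login with MFA,
# 3) a service-initiated event carrying the root identity (should NOT alarm).
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "CreateUser", "eventType": "AwsServiceEvent", "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root",
                      "invokedBy": "cloudformation.amazonaws.com"}},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Only the first sample record produces findings (both ROOT_ACTIVITY and LOGIN_NO_MFA); the service-initiated record is correctly ignored, which is why the `invokedBy` and `eventType` conditions matter in the real metric filter.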
Improving Your Defenses
What are some ways an organization can improve their defenses to such attacks outside of AWS?
To start, everyone in the organization should understand that prevention is everyone's responsibility, not just the Security team's. Being vigilant and understanding social engineering tactics are vital to keeping the risk of a successful attack low. Understanding the different techniques and tactics these attackers employ will also help prevent phishing from succeeding.
For instance, Spear Phishing is a form of phishing that sends mass emails to numerous specific members of an organization. In this case communication is key: alerting others and asking whether they have received similar messages can stop this type of attack before it has begun.
Another example is SMS Phishing. If every member of your organization understands that they should never receive a suspicious SMS from a colleague asking for sensitive information, you can stop them from responding to the message in the first place.
Below are some more best practices to help prevent phishing attacks:
Understand risks the organization faces to better inform policy and technology decisions.
As simple as it may seem, understand that phishing is a common threat that will be encountered, alongside a growing variety of other common threats that target everything from personal devices to the users themselves.
Leverage automated tools to keep your IT systems up to date.
New vulnerabilities are found every day, and without an automated system to track patches and vulnerabilities, unpatched systems can easily become attack vectors.
Deliver best practices training to build security awareness and promote user reporting.
Employees are the number one vulnerability in an organization and should be trained on security awareness and social engineering. AWS has numerous security training videos available that provide valuable information for security awareness. Check out the free AWS Cyber Security Training.
Simulate phishing attacks to identify gaps in your program.
This is a great way to understand where the gaps in the organization are and how you can close them moving forward. KnowBe4 is a tool that can provide simulated phishing attacks.
Implement robust security tooling.
Having security tooling for both remediation and alerting puts you in a better position for the cases in which someone does fall for one of these attacks. Services such as AWS CloudTrail, which logs API calls, and AWS Config, which tracks configuration changes, give you the visibility needed to detect and respond to an attack.
With all that in mind, I will leave you with a fun infographic [3] by KnowBe4 that shares a little insight into some top phishing trends. KnowBe4 is an integrated platform for security awareness training combined with simulated phishing attacks.