The National Cyber Security Centre (NCSC) in the United Kingdom has warned of spear-phishing attacks by Russian and Iranian state-sponsored actors seeking to gather information.
According to the Director of Operations at NCSC, Paul Chichester, threat actors based in Russia and Iran “continue to ruthlessly pursue their targets in an attempt to steal online credentials.” They are compromising sensitive systems.
Who Are These State-Sponsored Actors and How Do They Operate?
The SEABORGIUM group (aka Callisto, COLDRIVER, and TA446) is a Russian state-sponsored threat actor with a history of pulling off credential harvesting attacks. They create fake login pages, mimicking legitimate defense companies and nuclear research labs.
The other group, APT42 (aka ITG18, TA453, and Yellow Garuda), assists Iran’s Islamic Revolutionary Guard Corps (IRGC). It is said to be connected with PHOSPHORUS and is part of Charming Kitten, which is a larger group. Although there are similarities in the modus operandi of the two groups, there is no evidence that they are working together.
According to the NCSC, the attacks are aimed at sectors like government organizations, NGOs, academia, defense, think tanks, journalists, activists, and politicians. The threat actors operate by sending tailored messages to the targets after doing thorough research on their identities, interests, as well as professional and social circles. This method is known as spear-phishing. After gaining the targets' trust, the actors send them malicious links in order to steal their credentials, which are then used to log in to email accounts and to gain access to sensitive information.
How to Protect Your Organization From Email Phishing Attacks
Phishing attacks are mostly conducted through emails; however, they can be undertaken via a text message, social media or even by phone. Attackers gain the trust of the victims and then send them malicious links that download malware, or direct them to a compromised website.
Spear phishing involves the attacker using information about your company or its employees to create persuasive and realistic messages.
Here are a few ways you can defend and protect your organization from phishing attacks:
- Multifactor authentication (MFA) is a security control that prompts a user to verify their login identity through a combination of two or more authenticators. The idea is to make it tough for cyberthreat actors to gain access to information systems and networks, even if a password or a personal identification number has been compromised. When multiple factors are enabled, an unauthorized user will not gain access to a system unless they know both or all the factors.
- A lot of organizations focus only on being able to spot phishing emails. This approach will have limited success, as it does not take into account dealing with the attacks that get through and cause harm. It is, therefore, necessary to include technical measures in your approach.
The guidance provided by NCSC has four layers of defense:
- Make it difficult for attackers to reach your users;
- Identify and report suspected phishing emails;
- Protect your organization from undetected phishing emails;
- Respond quickly.
For more information, see the NCSC's guidance on protecting your organization from phishing attacks.
Disclaimer: Any opinions expressed in this blog do not necessarily reflect the opinions of Certrec. This content is meant for informational purposes only.