Cybersecurity Basics

SpearTip | April 21st, 2023


Threat actors are relentless in their pursuit of your business-critical data and actively seek the path of least resistance to achieve their objectives. The unfortunate reality is that humans are most often front and center in this path. In fact, SpearTip threat intelligence—which is supported by industry data—indicates that over 90% of security breaches are the result of human error through phishing attacks. This is not to disparage employees or ascribe malicious intent to any security incident but rather to make clear the importance of building a security posture based on the basics.

Learning Cybersecurity Basics

One of the most basic and vital components of cybersecurity is discernment. The reality is that no security tool offers a panacea for preventing all attacks, which increases the value of focused and aware individuals optimizing an organization’s overall security posture.

The first step in enhancing the discernment of employees, and any internet user for that matter, is regular and ongoing training on how to spot phishing emails. There are several immediate clues indicating that a particular email may be malicious: it asks for personal information, induces panic with time-sensitive requirements, uses a domain different from what is expected, or includes unsolicited links and attachments. Most often, it is the final element that transforms a threat into a full-blown incident. Training employees to vet the details of each email and avoid clicking on links or attachments will go a long way in preventing your business from being victimized by threat actors.
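The four clues listed above can be turned into a simple triage check that a mail gateway or an analyst script could run over a message before anyone clicks. The following Python is an added example written for this article, not SpearTip's code or tooling; the expected organisation domain (`example.com`), the urgency and personal-information phrase lists, the scoring threshold and both sample messages are constructed assumptions.

```python
"""Heuristic phishing-indicator scoring for a raw RFC 822 message.

Added example, not SpearTip's code. It checks the four clues the article
lists: a request for personal information, urgency or time pressure, a
sender domain that differs from the expected one, and unsolicited links
or attachments (plus a Reply-To that does not match the sender, a common
companion to the domain mismatch). Domain, phrase lists and threshold are
assumptions; tune them to your environment.
"""
import re
from email import policy
from email.parser import BytesParser

EXPECTED_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

URGENCY_PHRASES = ("immediately", "within 24 hours", "urgent", "will be suspended", "act now")
PERSONAL_INFO_PHRASES = ("password", "social security", "credit card",
                         "verify your account", "login details")
LINK_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def parse_message(raw: bytes):
    """Parse raw bytes into an EmailMessage using the modern header policy."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def address_domain(msg, header: str) -> str:
    """Domain of the real address in a header (ignores the display name)."""
    hdr = msg[header]
    if not hdr or not hdr.addresses:
        return ""
    return hdr.addresses[0].domain.lower()


def link_hosts(text: str) -> set:
    """Hostnames of every http(s) URL found in the text."""
    return {m.group(1).lower() for m in LINK_RE.finditer(text)}


def is_internal_host(host: str) -> bool:
    return host == EXPECTED_DOMAIN or host.endswith("." + EXPECTED_DOMAIN)


def message_text(msg) -> str:
    """Best-effort body text (plain preferred over HTML)."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body.get_content() if body is not None else ""


def phishing_indicators(raw: bytes) -> dict:
    """Return each indicator as a bool plus a total score and a verdict."""
    msg = parse_message(raw)
    text = (msg["subject"] or "") + "\n" + message_text(msg)
    lowered = text.lower()
    from_domain = address_domain(msg, "from")

    indicators = {
        "asks_personal_info": any(p in lowered for p in PERSONAL_INFO_PHRASES),
        "urgency": any(p in lowered for p in URGENCY_PHRASES),
        "sender_domain_mismatch": from_domain != EXPECTED_DOMAIN,
        "reply_to_mismatch": bool(msg["reply-to"]) and address_domain(msg, "reply-to") != from_domain,
        "external_links": any(not is_internal_host(h) for h in link_hosts(text)),
        "has_attachment": any(True for _ in msg.iter_attachments()),
    }
    score = sum(indicators.values())
    indicators["score"] = score
    # Threshold is an assumption: three or more clues together warrant a block/quarantine.
    indicators["verdict"] = "suspicious" if score >= 3 else ("review" if score >= 1 else "clean")
    return indicators


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = b"""From: "IT Helpdesk" <helpdesk@example-support.net>
Reply-To: recover@mailbox-reset.biz
To: jane@example.com
Subject: URGENT: verify your account within 24 hours
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain; charset="us-ascii"

Your password expires today. Confirm your login details at
http://login.example-support.net/reset or your account will be suspended.

--sep
Content-Type: application/octet-stream; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--sep--
"""

BENIGN_SAMPLE = b"""From: Pat Lee <pat.lee@example.com>
To: jane@example.com
Subject: Notes from today's meeting
Content-Type: text/plain; charset="us-ascii"

Hi Jane, the slides are on the intranet at https://wiki.example.com/notes.
Thanks, Pat
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, phishing_indicators(raw))
```

The point of the scorer is not that any single clue is decisive but that the clues stack: the constructed phishing sample trips all six checks, while an ordinary internal message trips none. In practice the domain check should also consult the sender's authentication results (SPF/DKIM/DMARC) rather than the From header alone, since the From address is trivially forged.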

Similarly, offering regular, ongoing education on how to maintain awareness and avoid falling victim to social engineering attacks will immediately boost a business's defenses. Social engineering is a common follow-on to phishing and is a core component of Business Email Compromise (BEC). Like phishing training, social engineering training modules cannot be one-and-done sessions. Employee performance should be tracked so those who are not catching on can be provided additional remedial training. The concept of a chain being no stronger than its weakest link is the right metaphor, as threat actors will work to find the slightest gap to infiltrate their targeted environment.

A lot of organizations fail to emphasize the importance of discernment in their team as a security component, which regularly leads to falling victim to phishing attacks or social engineering. A tried-and-true phishing attack method is delivering a keylogger—a tool that collects every keystroke made on a compromised endpoint—with which threat actors can acquire user passwords, including those for executive accounts. Executive credentials command a high price on the dark web, as those accounts often have access to the most profitable intellectual property or the ability to approve transfers of large sums of money. Once credentials are acquired, threat actors have a foothold. They can begin moving laterally throughout an environment, looking to escalate privileges or maintain persistence. There are security tools that can prevent all of this from manifesting, but none of those preventative measures are as valuable as human discernment.

Having a properly configured stack of security tools is necessary to optimize a business's overall security maturity and prevent the devastation of BEC or ransomware. Multi-factor authentication (MFA), for example, is an excellent safeguard that prevents upwards of 99% of attacks from advancing within an environment, and it should be enabled whenever possible.

It’s that remaining 1%, however, where so much damage is done. Like all threat actor tactics, techniques, and procedures, phishing attacks are growing in sophistication and can in certain cases bypass MFA protections. One emerging tactic threat actors use to exploit human susceptibility to phishing while bypassing MFA is known as adversary-in-the-middle (AiTM) phishing. AiTM attacks occur when threat actors establish a proxy server between the targeted victim and the site they are accessing. In doing so, threat actors can steal passwords and session cookies, which allows network persistence with authenticated access without triggering a fresh MFA prompt. From there, threat actors are positioned to launch follow-on BEC campaigns.
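Because an AiTM proxy hands the attacker an already-authenticated session cookie, the telltale sign on the defender's side is that one session cookie is presented from more than one client. The Python below is an added example for this article, not SpearTip's or ShadowSpear's detection logic; the log schema (timestamp, event, user, session id, source IP, User-Agent) and the five sample events are constructed assumptions about what a web application or identity provider would record.

```python
"""Flag session cookies presented from a client other than the one that logged in.

Added example, not SpearTip's code. Given authentication and request events
keyed by session id, it records the (IP, User-Agent) fingerprint that
performed the login and reports any later use of the same session from a
different fingerprint, which is what replay of a cookie stolen through an
AiTM proxy looks like in the logs. Schema and sample data are assumptions.
"""
from datetime import datetime

# Constructed sample events (not real logs). Timestamps are ISO 8601.
SESSION_EVENTS = [
    {"ts": "2023-04-21T09:00:00", "event": "login",   "user": "jane", "session": "s-1",
     "ip": "203.0.113.10", "ua": "Chrome/112"},
    {"ts": "2023-04-21T09:05:00", "event": "request", "user": "jane", "session": "s-1",
     "ip": "203.0.113.10", "ua": "Chrome/112"},
    # Same cookie, different network and client: the replay we want to catch.
    {"ts": "2023-04-21T09:07:00", "event": "request", "user": "jane", "session": "s-1",
     "ip": "198.51.100.7", "ua": "python-requests/2.28"},
    {"ts": "2023-04-21T10:00:00", "event": "login",   "user": "sam",  "session": "s-2",
     "ip": "192.0.2.44",   "ua": "Firefox/111"},
    {"ts": "2023-04-21T10:15:00", "event": "request", "user": "sam",  "session": "s-2",
     "ip": "192.0.2.44",   "ua": "Firefox/111"},
]


def fingerprint(event: dict) -> tuple:
    """Client identity used for comparison: source IP plus User-Agent."""
    return (event["ip"], event["ua"])


def detect_session_reuse(events: list) -> list:
    """Return one finding per event where a session cookie is used from a
    client fingerprint that differs from the one that established the session."""
    origin = {}      # session id -> (login fingerprint, login time)
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        fp = fingerprint(e)
        if e["event"] == "login":
            origin[e["session"]] = (fp, datetime.fromisoformat(e["ts"]))
            continue
        if e["session"] not in origin:
            continue  # no login seen for this cookie; out of scope here
        login_fp, login_ts = origin[e["session"]]
        if fp != login_fp:
            age = datetime.fromisoformat(e["ts"]) - login_ts
            findings.append({
                "session": e["session"],
                "user": e["user"],
                "login_ip": login_fp[0],
                "login_ua": login_fp[1],
                "seen_ip": e["ip"],
                "seen_ua": e["ua"],
                "minutes_since_login": int(age.total_seconds() // 60),
            })
    return findings


if __name__ == "__main__":
    for f in detect_session_reuse(SESSION_EVENTS):
        print(f"session {f['session']} for {f['user']} replayed from "
              f"{f['seen_ip']} ({f['seen_ua']}) {f['minutes_since_login']} min after login")
```

The check is deliberately strict (any change of IP or User-Agent), so on real traffic it will flag mobile users roaming between networks; a production rule would allow a change within the same ASN or country and weight the User-Agent change more heavily. The mitigation side is the same regardless of tuning: revoke the session and force re-authentication when the cookie is seen from a second client, and prefer phishing-resistant MFA such as FIDO2 keys, which bind the authentication to the real site's origin so a proxy cannot relay it.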

To create the greatest security around your business’s most critical data, it is recommended to offload your cybersecurity to a company that can provide you 24×7 protection from a Security Operations Center and collaborate on ongoing employee training and education. Doing so will allow you to rest easy and focus on building your business by re-establishing brilliance with the basics.
