Phishing Guidance: Stopping the Attack Cycle at Phase One

Last week, CISA, the National Security Agency (NSA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, “Phishing Guidance: Stopping the Attack Cycle at Phase One.” The joint guide outlines phishing techniques threat actors commonly employ and provides guidance for network defenders to help reduce the impact of phishing attacks.

A form of social engineering, threat actors frequently use phishing with the intent to get their targeted victims to visit an illegitimate website or to download malware. Indeed, phishing attacks continue to be the number one attack vector for threat actors seeking to compromise a victim. To help organizations better understand this activity, this guide categorizes phishing into two common tactics: phishing to obtain login credentials and phishing to deploy malware. It expands upon the two tactics by detailing the techniques frequently used by these actors, such as impersonating supervisors/trusted colleagues, using voice over internet protocol to spoof caller identification, and using publicly available tools to facilitate spear phishing campaigns. The product also offers best practices and recommendations to help to reduce the likelihood of a successful phishing attack. Additionally, the guide contains a section tailored for small and medium-sized businesses to aid in protecting their cyber resources from evolving phishing threats. Access the full guide at CISA.