Dissecting a Multi-stage Phishing Attack.

May 20, 2024  |  Shigraf Aijaz

Phishing is one of the most common forms of cyber attack that organizations face nowadays. A 2024 risk report states that 94% of organizations fall victim to phishing attacks, and 96% are negatively impacted by them. However, phishing attacks are not only growing in number but are also more sophisticated and successful. This is owing to the modern multi-stage phishing attack, which is common nowadays.

The multi-stage phishing attack is a sophisticated and multifaceted technique that increases the likelihood of success of an attack. While these attacks are becoming increasingly common, there needs to be more awareness of them. Therefore, to find relevant measures for mitigating these attacks, organizations must gain crucial insights regarding these multifaceted threats covered in this blog.

What is a Multi-stage Phishing Attack?

As its name suggests, a multi-stage phishing attack is a complex form of traditional phishing. In a multi-stage setup, a phishing attack relies on more deceptive strategies and phases rather than solely relying on one deceptive email, unlike in a traditional phishing attack.

All the phases within the multi-stage phishing attack are designed to build trust and gather relative information about the target over time. Since this approach works discreetly on a multi-phased setup, it allows threat actors to bypass advanced security measures such as residential proxies and phishing detection tools.

Multi-stage phishing attacks are a common occurrence in the modern cyber threat landscape. Attackers use this sophisticated layered tactic to deploy targeted ransomware or while conducting successful business email compromise (BEC) attacks.

Dissecting a multi-stage phishing attack

A multi-stage phishing attack is a sophisticated strategy that relies on a sequence of carefully designed steps. These steps help increase the probability of a successful phishing attack by evading advanced security and detection techniques. A typical multi-stage approach to the attack consists of the following phases:

Initial Contact

Like any traditional attack, the multi-stage attack starts with the threat actor initiating contact with the target through seemingly innocuous means. These include social media messages, phishing emails, or even physical methods such as USB drops.

Establishing Trust

After establishing contact with the target, the threat actor builds trust. This often involves impersonating legitimate entities or using communication channels familiar to the target, making it easy for them to fall victim and trust the threat actor.

Introducing Complexities

As the attack progresses, the threat actor introduces complexities such as using CAPTCHAs, QR Codes, and steganography to create further layers of deception, guaranteeing the attack's success.

Exploitation

The final stage of the attack involves exploiting the target. At this stage, the threat actor could either deploy malware, extract sensitive information, or perform any other malicious activity that might have been the goal of the whole attack. This multi-layered nature of a phishing attack makes it hard to detect through traditional security tools like residential proxies and phishing detection tools. Therefore, it ultimately makes the attack successful.

How QR Codes, Captchas, and Steganography Are Used in Layered Phishing Attacks.

In a multi-stage phishing attack, QR Codes, steganography, and CAPTCHAs are used to overcome security barriers and increase the attack's efficiency. Here is how each of these elements is used to ensure the attack is successful:

QR Codes

Quick Response or QR codes have become ubiquitous in various applications since they allow efficient data storage. They have several widespread uses, such as helping with contactless payments, linking physical objects to online content, etc. However, attackers have started exploiting the technology in various phishing campaigns, giving rise to "Quishing."

Attackers use QR codes in credential harvesting and social engineering attacks and spread malware by embedding innocuous-looking QR codes with fake URLs. By using QR codes, attackers can bypass traditional phishing detection tools since they are designed to identify text-based phishing attempts and are, therefore, unable to decipher the content within QR codes.

CAPTCHAs

Thoroughly Automated Public Turing tests to tell computers and Humans apart is a longstanding defence method created to identify automated bots and defence scripts. CAPTCHAs play an essential role in web security and help enable account security by bypassing brute force attacks and unauthorised access. They also help bypass automated bot services that abuse online services and help distinguish between a genuine user and a probably malicious automated bot.

However, attackers exploit CAPTCHAs in phishing campaigns to instil a false sense of security or redirect users towards malicious content. Often, attackers include CAPTCHAs in phishing emails or fake websites to trick users into believing they are interacting with a legitimate platform. CAPTCHAs are also now commonly used in crowdsourcing attacks and social engineering attacks.

Steganography

Steganography is the science of concealing information within seemingly harmless files. The method aims to hide the very existence of a message and is commonly used in data protection and anonymous communication. Threat actors have also started exploiting steganography to embed malicious content. To achieve their goal, an attacker may covertly embed malicious content using image, audio or text-based steganography using imperceptible alternations within each.

In a phishing attack, attackers use steganography to evade detection. They may embed malware within harmless-looking documents and share them via phishing emails, allowing them to bypass detection. Additionally, attackers may use steganography in phishing sites to embed malicious URLs within files or images. Within advanced multi-layered phishing campaigns, a threat actor may use steganography across multiple media types to complicate the detection efforts.

How can organisations stay safe from these layered threats?

The main problem with multi-stage phishing attacks is that they are stealthy and sneaky. Since security tools and phishing detection software are often useless against them, the best way to stay safe from these threats is to practise vigilance and caution. Here is how organisations can ensure security:

  • It is crucial for organisations to regularly monitor and audit their network traffic to detect suspicious and malicious activities.
  • Organisations must have a robust incident response plan to ensure they react quickly and efficiently to attacks.
  • It is necessary for organisations to spread relevant information and employee training against phishing attacks and to provide relevant information regarding these multi-layered threats.
  • Organizations can use gaming learning modules to provide employees with hands-on, reality-based training and build experience in dealing with such attacks.
  • Employees must be given caution to verify any URL by hovering the cursor over it to avoid clicking on suspicious websites.
  • Organisations must ensure that they constantly learn and are aware of the latest phishing trends and techniques to recognize and avoid them.
  • There must be a trust-based system that will allow employees to report any suspicious activities immediately.
  • Employees must be aware of the need to exercise extreme caution while scanning QR codes, especially from unknown sources, locations, or messages.
  • CAPTCHAs must be handled with extreme caution. If a CAPTCHA appears embedded, it is best not to add personal information.
  • Every employee within the organisation must be made aware of steganography.
  • Employees must be forewarned to be wary of unsolicited files from unknown senders, especially when they arrive with suspicious messages.

While these methods are not entirely foolproof, they can provide reasonable security against multi-layered phishing attacks and could protect an organisation from significant damage.

Final Words

As the cyber threat landscape continues to evolve, traditional cyber attacks are becoming more sophisticated. While traditional phishing was already dangerous, stealthy, and harmful to organisations, its multifaceted version poses an even bigger threat that organisations must remain prepared against. Moreover, as traditional cyber attacks are evolving, there is also a dire need for organisations and cyber security professionals to introduce more sophisticated methods that will guarantee ultimate privacy and security from these modern threats.

Share this with others

Tags:

Featured resources

 

Futures Report

2024 LevelBlue Futures™ Report: Cyber Resilience

Get price Free trial