Multi-Stage Phishing Attacks Are Dangerous
Threat actors rely on a mix of tactics that take advantage of a user’s lack of attention to draw them into interactions designed to hide malicious intent.
The most vulnerable part of an organization is its people, and bad actors know that a distracted worker is an easy target.
Understanding Multi-stage Attacks
Clicking on an email link may lead to a phishing website, but that’s only part of the danger.
The most devious tactics used by attackers involve linking to legitimate, but booby-trapped, websites where an attack happens after the initial interaction. The actual attack may occur after the user views the first web page—further down the chain of interactions between the user and the website.
Down the Interaction Chain
An innocent-looking (often legitimate) web page could serve as a watering hole for advanced phishing or malware attacks after the user clicks on a link.
The attack begins when a user navigates from the initial web page. A hacked website is then able to send malware in the form of third-party plug-ins or redirect the user to a phishing site to gain network access into their system.
After the attacker compromises the network, they can ransom data or systems at will.
Isolation Protects Against Multi-Stage Attacks
Networks protected with Link Isolation are invulnerable to multi-stage attacks. After the user clicks on a link, the new web page tab remains in cloud-based isolation until it is closed. This simple action of isolating links continues to protect the user from phishing attacks and drive-by-downloads from third-party plug-ins.
To learn more about Link Isolation, download our Solution Sheet, or attend our webinar on email isolation.
*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by James Locus. Read the original post at: https://www.menlosecurity.com/blog/multi-stage-phishing-attacks-are-dangerous
