In the latest edition of Verizon’s Data Breach Investigations Report, we read that stolen credentials, phishing and exploitation of vulnerabilities are the three primary ways in which attackers access an organization. With so many security solutions out there, how does this keep occurring and what can we actually do about it?
Let’s dive a bit deeper into each vector and learn how Forcepoint RBI safeguards against each one of them:
1. Stolen credentials: Cybercriminals use a variety of tactics to steal users’ credentials, which are then often sold on the dark web or used for further attacks.
How it works: Imagine this scenario: one of your employees receives an email from a hacker posing as an IT admin and asking them to reset their corporate email account. Believing the email is legitimate, they click the provided link and unknowingly hand over their credentials. The attacker can now access the user’s email account and use it to compromise sensitive data or launch further attacks.
Think this scenario is unlikely? Verizon’s 2023 DBIR reports “74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.”
How Forcepoint RBI safeguards against it: Forcepoint RBI assesses each website’s risk score in real time and can automatically switch a risky site to read-only mode, so that users cannot inadvertently submit sensitive information to it.
2. Phishing attacks: Email remains a primary vector for phishing attacks. Cybercriminals send deceptive emails, impersonating a trusted entity to trick recipients into clicking malicious links, downloading malware-laden attachments or revealing confidential information. Phishing campaigns frequently target C-level executives and often cause financial and reputational damage.
How it works: As the groundwork for social engineering, cybercriminals first conduct reconnaissance on unsuspecting victims using their social accounts, such as LinkedIn and Facebook, and other publicly available resources. After this research, the hacker sends a tailored phishing email to the intended victim. An employee in the finance department, for example, might receive what looks like a legitimate invoice with a payment link from a known and trusted vendor. Once the user clicks the link, malicious code starts to execute.
How Forcepoint RBI safeguards against it: Within an isolated browsing session, malware and other threats are confined to a virtualized environment. Once the session is terminated, all data, including any malware, is discarded and never reaches local devices or the network. Where a malicious document is attached to the phishing email, Forcepoint RBI goes beyond content isolation and also applies the Zero Trust framework to documents. Forcepoint RBI includes Zero Trust Content Disarm and Reconstruction (CDR), an additional security layer that does not rely on AV scans. Instead, it removes all code from documents and leaves only the benign original data.
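The disarm-and-reconstruct idea described above, as an added illustration that is not Forcepoint’s code: a toy CDR routine for an OOXML (Word) package that rebuilds the file from an allow-list of known data parts, so a VBA project part is never carried across, whether or not a scanner would have flagged it, and the document is re-typed as a plain, macro-free one. The sample package, its dummy VBA bytes and the (deliberately narrow) allow-list are constructed assumptions for this example.

```python
import io, posixpath, zipfile, xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
RELS = "application/vnd.openxmlformats-package.relationships+xml"
MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
# Assumed allow-list of data content types: a VBA, OLE or ActiveX part is never copied, AV-flagged or not.
ALLOWED = {RELS, MAIN, MACRO_MAIN, "image/png"}
SAMPLE_PARTS = {  # constructed stand-in for a macro-enabled "invoice" attachment; the VBA part is dummy bytes
    "[Content_Types].xml": f'<Types xmlns="{CT_NS}"><Default Extension="rels" ContentType="{RELS}"/>'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/_rels/document.xml.rels": f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" Target="vbaProject.bin" '
        'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject"/></Relationships>',
    "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>Invoice 4711 is due</w:t></w:r></w:p></w:body></w:document>',
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0CONSTRUCTED-VBA-BLOB",
}

def zip_parts(parts: dict) -> bytes:  # stored, not deflated, so the output stays inspectable as plain bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

def disarm_docx(package: bytes) -> tuple[bytes, list[str]]:
    """Rebuild an OOXML zip from allow-listed parts only; returns (clean_zip, dropped_part_names)."""
    src = zipfile.ZipFile(io.BytesIO(package))
    ct = ET.fromstring(src.read("[Content_Types].xml"))
    defaults = {d.get("Extension").lower(): d.get("ContentType") for d in ct.iter(f"{{{CT_NS}}}Default")}
    overrides = {o.get("PartName").lstrip("/"): o.get("ContentType") for o in ct.iter(f"{{{CT_NS}}}Override")}
    ctype = lambda p: overrides.get(p) or defaults.get(p.rsplit(".", 1)[-1].lower(), "")
    keep = [p for p in src.namelist() if ctype(p) in ALLOWED]
    dropped = [p for p in src.namelist() if p not in keep and p != "[Content_Types].xml"]
    ct[:] = [o for o in ct if o.get("PartName", "/").lstrip("/") not in dropped]  # index only rebuilt parts
    for o in ct:  # the main part is re-typed as a plain, macro-free document
        if o.get("ContentType") == MACRO_MAIN: o.set("ContentType", MAIN)
    ET.register_namespace("", CT_NS)
    rebuilt = {"[Content_Types].xml": ET.tostring(ct, encoding="UTF-8", xml_declaration=True)}
    for p in keep:
        body = src.read(p)
        if p.endswith(".rels"):  # a relationships file must not point at parts that no longer exist
            base, root = posixpath.dirname(posixpath.dirname(p)), ET.fromstring(body)  # word/_rels/x.rels -> word
            root[:] = [r for r in root if posixpath.normpath(posixpath.join(base, r.get("Target", ""))) not in dropped]
            ET.register_namespace("", REL_NS)
            body = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
        rebuilt[p] = body
    return zip_parts(rebuilt), dropped
```

Running `disarm_docx(zip_parts(SAMPLE_PARTS))` returns a package whose only parts are the text and its (now empty) relationships file, plus the list of what was not reconstructed.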
3. Exploitation of vulnerabilities: Cybercriminals are fast to exploit software vulnerabilities. These vulnerabilities can exist in operating systems, web browsers or third-party software. Once a vulnerability is exploited, attackers gain unauthorized access to systems, deploy malware and exfiltrate sensitive data.
How it works: Take the recently discovered zero-day CVE-2023-4863, a heap buffer overflow in the WebP code library that affected all four major web browsers. A user running an unpatched browser can easily fall victim, because this type of flaw lets cybercriminals execute malicious code simply by directing the user to a website they control.
How Forcepoint RBI safeguards against it: By fully isolating web browser traffic, you prevent malicious actors from exploiting vulnerabilities in web browsers or other software on the endpoint. Forcepoint RBI creates a Zero Trust environment in which no active web code reaches the user’s endpoint device.