CISA, FBI, NSA Publish a Joint Guide to Prevent Phishing Attacks

CISA Phishing Prevention Guidance

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly released new guidance on stopping phishing attacks titled "Phishing Guidance: Stopping the Attack Cycle at Phase One."

This comprehensive guide outlines common phishing techniques used by malicious actors and provides recommendations for both network defenders and software manufacturers to reduce the impact of phishing. 

Phishing is a form of social engineering where threat actors send deceptive messages to trick users into revealing sensitive information or taking actions that compromise systems.

Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads, or sites that look similar to sites you already use.

The guidance encourages organizations to implement protections such as multi-factor authentication, restricting administrative rights, email authentication and monitoring, allowlisting applications, and more.

Specific advice is provided for small and medium businesses with limited resources to prioritize the most impactful defenses.

For software developers, the guide promotes building secure-by-default protections into products including phishing filters, limited privileges, and self-serve app stores. 

Here is a summary of the key points of the guidance:

  • The goal of the guide is to outline common phishing techniques and provide recommendations for network defenders and software developers to reduce the impact of phishing.
  • Phishing is used by threat actors to obtain login credentials or deploy malware.
  • Guidance is provided for all organizations to implement protections like training, multi-factor authentication, email authentication, restricting privileges, and application allowlisting.
  • Specific advice is given for small/medium businesses with limited resources to prioritize awareness training, phishing assessments, multi-factor authentication, password policies, web filtering, antivirus, etc.
  • For software developers, recommendations include building phishing protections by default like filtering, limited privileges, self-serve app stores, and more.
  • Incident response guidance focuses on re-provisioning compromised accounts, auditing access, isolating affected systems, analyzing and eradicating malware, and restoring normal operations.

Following these best practices will increase customers' resilience against phishing campaigns. You can check the PDF version of the Phishing Prevention Guidance. 

CISA urges organizations to promptly report phishing incidents to CISA at [email protected] or call the 24/7 response line at (888) 282-0870. Additionally, State, local, tribal, and territorial (SLTT) government entities can report to the Multi-State Information Sharing and Analysis Center (MS-ISAC) by emailing [email protected] or calling (866) 787-4722.

Organizations are encouraged to use reporting features built into Microsoft Outlook and other cloud email platforms and report spam directly to Microsoft, Apple, and Google, as applicable.

Reporting suspicious phishing activity is one of the most efficient methods for protecting organizations as it helps email service providers identify new or trending phishing attacks. 

To report spoofing or phishing attempts (or to report that you've been a victim), users can file a complaint with the FBI's Internet Crime Complaint Center (IC3), or contact their local FBI Field Office to report an incident.

Tips: Indian users can file cybercrime complaints on the National Cyber Crime Reporting Portal. The portal is an initiative of the Government of India that lets victims and complainants report cybercrime complaints online or call the Cyber Crime Helpline at 1930.

Public and private sector organizations can dramatically reduce risk and prevent costly breaches by stopping phishing attacks early in the cyber kill chain.

CISA and its partners urge defenders and developers alike to review and implement this practical new guidance. More information is available on CISA's website regarding malware, phishing, and ransomware defenses.
