The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly released new guidance on stopping phishing attacks titled "Phishing Guidance: Stopping the Attack Cycle at Phase One."
This comprehensive guide outlines common phishing techniques used by malicious actors and provides recommendations for both network defenders and software manufacturers to reduce the impact of phishing.
Phishing is a form of social engineering where threat actors send deceptive messages to trick users into revealing sensitive information or taking actions that compromise systems.
The guidance encourages organizations to implement protections such as multi-factor authentication, restricting administrative rights, email authentication and monitoring, allowlisting applications, and more.
Specific advice is provided for small and medium businesses with limited resources to prioritize the most impactful defenses.
For software developers, the guide promotes building secure-by-default protections into products including phishing filters, limited privileges, and self-serve app stores.
Here is a summary of the key points of the guidance:
- The goal of the guide is to outline common phishing techniques and provide recommendations for network defenders and software developers to reduce the impact of phishing.
- Phishing is used by threat actors to obtain login credentials or deploy malware.
- Guidance is provided for all organizations to implement protections like training, multi-factor authentication, email authentication, restricting privileges, and application allowlisting.
- Specific advice is given for small/medium businesses with limited resources to prioritize awareness training, phishing assessments, multi-factor authentication, password policies, web filtering, antivirus, etc.
- For software developers, recommendations include building phishing protections by default like filtering, limited privileges, self-serve app stores, and more.
- Incident response guidance focuses on re-provisioning compromised accounts, auditing access, isolating affected systems, analyzing and eradicating malware, and restoring normal operations.
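The "email authentication" item above is normally implemented with SPF, DKIM and DMARC records published in DNS, and the most common failure is publishing them in a form that does nothing (a DMARC policy of p=none, a partial pct, no reporting address, or an SPF record ending in +all). The Python script below is an added example for this article, not code from the CISA/NSA/FBI/MS-ISAC guidance: it takes DMARC and SPF TXT record strings that you have already fetched (for example with `dig TXT _dmarc.example.com`) and flags those weak settings. The record strings and the example.com/example.net domains are constructed placeholders; no network lookup is performed.

```python
"""Check DMARC and SPF TXT records for weak settings.

Added example for this article; not code from the CISA/NSA/FBI/MS-ISAC
guidance. The records below are constructed, and example.com/example.net
are placeholder domains. No DNS lookup is performed: pass in the TXT
record strings you fetched yourself (e.g. `dig TXT _dmarc.<domain>`).
"""
from __future__ import annotations

from dataclasses import dataclass, field

# SPF terms that each cost one of the ten permitted DNS lookups (RFC 7208 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


@dataclass
class DmarcAssessment:
    valid: bool
    policy: str | None
    subdomain_policy: str | None
    pct: int
    aggregate_reports: bool
    findings: list[str] = field(default_factory=list)


def parse_tags(record: str) -> dict[str, str]:
    """Split 'k=v; k=v' DMARC syntax into a lowercase-keyed dict."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> DmarcAssessment:
    """Flag the settings that leave a published DMARC record ineffective."""
    tags = parse_tags(record)
    findings: list[str] = []
    if tags.get("v", "").upper() != "DMARC1":
        return DmarcAssessment(False, None, None, 0, False, ["not a DMARC1 record"])

    policy = tags.get("p", "").lower()
    sub_policy = tags.get("sp", policy).lower() or None  # sp= defaults to p=
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct is not an integer; receivers treat it as 100")
    has_rua = bool(tags.get("rua"))

    if policy not in ("none", "quarantine", "reject"):
        findings.append("p= is missing or invalid; the record is unusable")
    elif policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if not has_rua:
        findings.append("no rua=: no aggregate reports, so no visibility into abuse")
    return DmarcAssessment(True, policy or None, sub_policy, pct, has_rua, findings)


def _term_name(term: str) -> str:
    """'include:_spf.example.net' -> 'include', 'redirect=x' -> 'redirect', 'a/24' -> 'a'."""
    name = term.lower().lstrip("+-~?")
    for sep in (":", "/", "="):
        name = name.split(sep, 1)[0]
    return name


def assess_spf(record: str) -> list[str]:
    """Flag permissive terminal qualifiers and lookup-limit violations in an SPF record."""
    findings: list[str] = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an spf1 record"]
    mechanisms = terms[1:]
    lookups = sum(1 for t in mechanisms if _term_name(t) in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the limit of 10, receivers return permerror")
    last = mechanisms[-1].lower() if mechanisms else ""
    if last in ("all", "+all"):
        findings.append("+all: any host on the internet may send as this domain")
    elif last == "?all":
        findings.append("?all: neutral result, no protection")
    elif last == "~all":
        findings.append("~all: softfail only; rely on DMARC to reject, or move to -all")
    elif last != "-all" and _term_name(last) != "redirect":
        findings.append("no terminating all mechanism; unmatched senders get neutral")
    return findings


if __name__ == "__main__":
    # Constructed records: one enforcing pair, one pair that is published but toothless.
    samples = {
        "strong": ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                   "v=spf1 ip4:192.0.2.0/24 -all"),
        "weak": ("v=DMARC1; p=none; sp=none",
                 "v=spf1 include:_spf.example.net +all"),
    }
    for label, (dmarc, spf) in samples.items():
        print(label, assess_dmarc(dmarc).findings, assess_spf(spf))
```

Run it against your own domains' records after fetching them; a clean result from both functions is the minimum a defender should expect before treating "email authentication" as done, and the rua= check matters because the aggregate reports are what tell you who is spoofing the domain.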
Following these best practices will increase an organization's resilience against phishing campaigns. The full guidance, "Phishing Guidance: Stopping the Attack Cycle at Phase One," is available from CISA as a PDF.
CISA urges organizations to promptly report phishing incidents to CISA at [email protected] or call the 24/7 response line at (888) 282-0870. Additionally, State, local, tribal, and territorial (SLTT) government entities can report to the Multi-State Information Sharing and Analysis Center (MS-ISAC) by emailing [email protected] or calling (866) 787-4722.
Reporting suspicious phishing activity is one of the most efficient methods for protecting organizations as it helps email service providers identify new or trending phishing attacks.
To report spoofing or phishing attempts (or to report having been a victim), users can file a complaint with the FBI's Internet Crime Complaint Center (IC3) or contact their local FBI Field Office.
Public and private sector organizations can dramatically reduce risk and prevent costly breaches by stopping phishing attacks early in the cyber kill chain.
CISA and its partners urge defenders and developers alike to review and implement this practical new guidance. More information is available on CISA's website regarding malware, phishing, and ransomware defenses.