With network perimeters becoming more hardened, the Google Phishing Attack is an ever-popular way for attackers to gain a foothold in a company network.
VerSprite’s own experience with phishing engagements shows us just how effective and easy it is to run successful phishing campaigns on corporate clients.
In their 2018 Q2 earnings report, Google made the claim, “we have had no reported or confirmed account takeovers since implementing security keys at Google.”
As an internationally known brand with over 89k employees, that is quite impressive.
Implementation: Multi-Factor Authentication Works
The lesson here is clear – multi-factor authentication works. VerSprite recommends implementing it wherever possible.
Preference should be given to hardware keys or tokens when considering implementation as they are more secure than softkeys or SMS codes.
Softkey enrollment tokens and SMS codes can be intercepted or stolen via social engineering. These attacks are more difficult when a specific hardware key is required.
Pay close attention to securing the enrollment process and thoroughly vet anyone who requests access. If the multi-factor functions themselves cannot be attacked, then hackers will target those responsible for granting access.
As cybercriminals evolve their tactics in social engineering, we too must evolve our procedures in response and prevention.