It makes sense, of course, that for a targeted attack like this one, the perpetrators would go to such lengths. Your average phishing scheme likely does not have to in order to succeed. What should be of note, however, is the ease with which Charming Kitten used what’s theoretically a security precaution to further their attack against victims. SMS-based 2FA has been challenged before, and this is another proof point showing why password-centric authentication is not trustworthy. In the case of the Charming Kitten attack, the apparent endgame was access to victims’ email messages, ostensibly containing juicy details about the sanctions. Many attacks will go beyond the inbox, however, using stolen credentials and permitted access to gain entry to databases storing sensitive data — customer PII, financial info, intellectual property, and the like. Stolen credentials are merely the initial exploitation; once procured, credentials are used to allow the attacker to move laterally, undetected, throughout the network. When that is the case, organizations need to think about how to quickly and efficiently stop attack progression.
Microsegmentation: a categorical network security improvement
Implementing microsegmentation gives organizations finer-grained control over who and what is allowed to access sensitive data and areas of the network. Placing multiple internal “perimeters” on the network gives businesses a chance to evaluate and permit or deny traffic based on a range of criteria. User credentials are only part of that equation, as are domains or other address-based information. Importantly, modern microsegmentation (vs. network construct-based solutions) incorporates information on cryptographic properties of devices and processes requesting system access plus information about the environment in which they’re communicating. This in turn strengthens the mechanisms by which users/devices/processes are approved or denied access, helps companies see when something is amiss on the network, and prevents the attacker from reaching their ultimate goal, be it exfiltrating data, installing malware, or trying to escalate privileges.
When coupled with zero trust access, a highly segmented network prevents a breach. Compromise may still occur (there is a school of thought that says compromise is inevitable), but attackers can’t progress towards their goal. For instance, an approved user accessing a legitimate application is allowed. When some factor changes, though (for example, the request is coming from an Iranian domain, or the request is for a never-before-seen transaction such as a call for an excessive amount of data), zero trust microsegmentation catches the action and stops it because the user or process doesn’t meet the verification requirements that allow for crossing the “gateway.”
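The decision logic the two paragraphs above describe, as an added illustration in Python (not code from the original post and not any vendor's product): a toy policy engine for one network segment that evaluates each request against several contextual signals rather than the password and SMS code alone. It assumes the source country has already been derived from the source address by a geo lookup, that enrolled devices present an mTLS client certificate whose fingerprint is known, and that a per-user, per-resource baseline of typical request size exists; the user names, fingerprints, baselines and the four request scenarios are all constructed for the example.

```python
"""Added example: a toy zero-trust policy engine for one internal segment.
Names, fingerprints, baselines and requests below are constructed, not real."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class AccessRequest:
    user: str
    password_ok: bool                  # primary factor accepted by the identity provider
    otp_ok: bool                       # SMS/OTP accepted; a phishing proxy can relay this
    device_fingerprint: Optional[str]  # fingerprint of the mTLS client cert, if presented
    source_country: str                # assumed to come from a geo lookup on the source address
    resource: str                      # internal application / data store being requested
    bytes_requested: int               # size of the transaction being asked for


@dataclass
class SegmentPolicy:
    allowed_countries: Set[str]
    trusted_devices: Set[str]                    # fingerprints of enrolled device certificates
    authorized_users: Dict[str, Set[str]]        # resource -> users permitted to reach it
    baseline_bytes: Dict[Tuple[str, str], int]   # (user, resource) -> typical request size
    volume_multiplier: int = 10                  # how far above baseline counts as excessive


def decide(req: AccessRequest, policy: SegmentPolicy) -> Tuple[str, List[str]]:
    """Return ("ALLOW", []) or ("DENY", [reasons]).

    Every check runs even after the first failure, so the reasons list doubles
    as the detection record a SOC would want to see for a blocked request."""
    reasons: List[str] = []
    if not (req.password_ok and req.otp_ok):
        reasons.append("primary authentication failed")
    # Cryptographic device property: relaying a one-time code through a phishing
    # page does not give the attacker the victim's enrolled client certificate.
    if req.device_fingerprint not in policy.trusted_devices:
        reasons.append("device not enrolled (no trusted client certificate)")
    if req.source_country not in policy.allowed_countries:
        reasons.append(f"source country {req.source_country} not permitted for this segment")
    if req.user not in policy.authorized_users.get(req.resource, set()):
        reasons.append(f"user {req.user} not authorized for {req.resource}")
    baseline = policy.baseline_bytes.get((req.user, req.resource))
    if baseline is None:
        reasons.append("never-before-seen transaction for this user/resource pair")
    elif req.bytes_requested > policy.volume_multiplier * baseline:
        reasons.append(f"requested {req.bytes_requested} bytes against a baseline of {baseline}")
    return ("ALLOW" if not reasons else "DENY", reasons)


# Constructed policy for a segment holding customer records.
POLICY = SegmentPolicy(
    allowed_countries={"US", "CA"},
    trusted_devices={"sha256:constructed-alice-laptop"},
    authorized_users={"crm-db": {"alice"}, "finance-db": {"bob"}},
    baseline_bytes={("alice", "crm-db"): 4096},
)

# Constructed request scenarios.
LEGIT = AccessRequest("alice", True, True, "sha256:constructed-alice-laptop", "US", "crm-db", 4096)
# Credentials and SMS code captured by a proxy page, replayed from an unexpected country
# on a device that was never enrolled.
PHISHED = AccessRequest("alice", True, True, None, "IR", "crm-db", 4096)
# Valid session on the right device, but the transaction size is far outside the baseline.
EXCESSIVE = AccessRequest("alice", True, True, "sha256:constructed-alice-laptop", "US", "crm-db", 5_000_000)
# Valid session attempting to cross into a segment the user has no role for.
LATERAL = AccessRequest("alice", True, True, "sha256:constructed-alice-laptop", "US", "finance-db", 4096)


def run_scenarios() -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate the constructed scenarios and return each decision with its reasons."""
    return {
        name: decide(req, POLICY)
        for name, req in (("legit", LEGIT), ("phished", PHISHED),
                          ("excessive", EXCESSIVE), ("lateral", LATERAL))
    }


if __name__ == "__main__":
    for name, (verdict, reasons) in run_scenarios().items():
        print(f"{name:10s} {verdict:5s} {'; '.join(reasons)}")
```

The point of the example is the second scenario: the attacker holds a correct password and a correct SMS code, which is exactly what the Charming Kitten lure collects, yet the request is still denied because the device certificate and the source context do not match. The other two denials show the same gateway stopping over-sized reads and a step into a segment the user has no role in, which is where stolen credentials normally go next.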
Modern segmentation solutions revolve around context and automation, integrating elements of what’s communicating and how. In this way, widespread breach is prevented even if attackers usurp primary controls (i.e., traditional authentication). In other words, the cat’s out of the bag on phishing, but this time there really is something security teams can do about it.