In the latest Detection Series webinar, CrowdStrike’s Hari Pulapaka and Lauren Lusty from the MITRE ATT&CK® team joined Red Canary’s Brian Donohue and Alex Walston to explore one of the most common and hard-to-detect initial access techniques: phishing. From email to voice to just about any kind of -ishing you can think of, our panel covers detection, prevention, and insights on new evolutions in tradecraft, including AI.
You can watch the full recording here or check out the clips below.
What exactly do we mean by “phishing”?
Lauren kicks things off by breaking down MITRE’s official definition of phishing as both a reconnaissance and an initial access tactic, categorized under the following ATT&CK techniques:
- T1598: Phishing for Information (Enterprise)
- T1566: Phishing (Enterprise)
- T1535: Internal Spearphishing (Enterprise)
- T1660: Phishing (Mobile)
How prevalent is phishing in enterprise environments?
Brian shares some high-level stats about the rise in phishing campaigns in the last year, as well as insights on user reporting from Red Canary’s investigations stemming from our Managed Phishing Response offering.
What are some real-world examples of phishing campaigns?
Citing recent research from Brian Krebs, Brian shines a light on how voice phishing, or “vishing,” has become more sophisticated with AI voice technology. He also touches on one-stop-shop phishing kits, showcasing Zphisher as an example.
What are some of the latest trends in phishing tradecraft?
Alex dives into six emerging phishing trends:
- Phishing from legit domains, or “living off trusted sites” (LOTS)
- Adversary-in-the-middle attacks to gather credentials
- “Scareware” phishing
- OAuth app-based phishing
- Malicious AI prompts
How do I detect phishing campaigns in my environment?
Hari lays out a comprehensive detection strategy for phishing attacks, including how to responsibly layer AI into detecting every step of the intrusion chain.
What’s new in ATT&CK version 18?
Lauren closes out the hour with a cherry on top for detection engineers: ATT&CK version 18 introduces a “detection strategies” section for every technique page, providing actionable insights into data sources and fine-tuning analytics.
