Business Cybersecurity: Phishing Takes an Evil Turn

Cybersecurity is a never-ending challenge for every business. A new phishing exploit illustrates ever-increasing cyber threat sophistication.

The Classic Phishing Exploit

Phishing aims to lure a remote network user into divulging login credentials. The exploit begins with an email that closely mimics the format of the target business. This email asks the recipient to log into their company portal with a provided link. In reality, the link leads to the cyber predator’s site, constructed to resemble the login screen of the target business. If the email recipient falls for the ruse and enters their username and password, cybercrooks gain easy entry to a network.

These exploits spurred the development of two-factor authentication. With 2fa, each user must augment their login credentials with a time-limited password generated by an authentication application. 2fa apps helped thwart phishing attacks for a time, but resourceful cybercrooks engineered a clever response.

Next-Gen Phishing With Evilgenx

For cybersecurity professionals, Evilgenx software lives up to its name. The attack begins like the classic phishing ploy, with an ersatz email linked to the criminal’s website. But instead of presenting the user with a phony login page, the Evilgenx application routes the user’s request to the target business’s genuine web portal.

Positioned between the user and target, Evilgenx records all of the user’s login data, including 2fa codes. Cybersecurity pros now recommend using plug-in hardware keys to thwart this exploit.

As businesses confront rising cyber threat sophistication, vigilance backed by cyber liability insurance is the way forward.