Call us on 03450 21 21 51

SRM Solutions
Phishing attacks and the perks of purple teaming
The SRM Blog

Phishing attacks and the perks of purple teaming

Julia Wailes-Fairbairn

Written by Julia Wailes-Fairbairn

1st July 2019

Share this article

Cyber criminals are like magicians; they rely of sleight of hand. Like theatrical entertainers, they misdirect so that the trick occurs when the audience least expects it. So while many businesses are pre-occupied with GDPR, viruses and malware, hackers may be focusing on much easier prey: on the individuals within a business who hold access codes and can be tricked into disclosing them. Of course, no one would intentionally reveal passwords or access codes to a criminal. This is where the sleight of hand occurs. Exploiting the human link in the online security chain, phishing relies on setting up a false trust. Posing as a trustworthy source to persuade an individual to part with sensitive information, the attacker is able to gain entry into a network.

Phishing attacks are the top cyber threat of 2019. According to the Department of Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2019, 80 per cent of organisations breached or attacked in the last 12 months were targeted through phishing. This compares to 20 per cent who reported viruses, spyware or malware attacks and 12 per cent who reported ransomware attacks.

The success of this type of attack can be attributed in part to the fact that very few phishing emails actually contain malware and are therefore not picked up by security software. This makes phishing one of the hardest type of attacks to tackle. Another reason for the popularity of this type of threat vector is that it is comparatively low risk for hackers. Most phishing sites stay online for just four to five hours and only 17 per cent of attacks are reported.

There is also the attritional nature of phishing attacks: hundreds of thousands of attempts can be made but only one needs to get through to cause harm. The number of potential attackers has also increased with phishing kits now available on the Internet (as well as the Dark Web), meaning that those with only fairly basic technical knowledge can run phishing attacks. GoPhish for example is a free open-source phishing framework which anyone can download. It is useful for simulating phishing campaigns in a testing environment but can also be used maliciously in the wrong hands.

In the face of these challenges and to be at our most resilient, a proactive approach should definitely be considered. This is where Purple Teaming comes in. It combines the skills of an external Red Team with the business knowledge of the resident Blue Team. While the Red Team attempts to breach the infrastructure and systems of an organisation, the Blue team do their utmost to prevent this.

Following a full debrief of the outcome, the teams can work in collaboration to amend their existing strategy and roll out the new one, keeping everyone involved as up to date as they can be and keeping risk of an incident to an absolute minimum.

Purple teaming can also refer to social engineering whereby a trusted third party can simulate a phishing attack to a pre-determined list of email addresses within a business. Anyone who clicks on the link and provides data is included in a report that is then given to the client, and it also allows them to monitor their systems to see where unfamiliar activity appears in their networks in such an event, without the real risk of a proper cyber-attack. The purpose of this is not to embarrass, but to help shape future training programs, and also allows internal security teams to familiarise themselves with how they would go about reporting a suspected breach to the relevant internal contacts.

So how should we approach the issue? Awareness and training are key and this should extend from the most senior to the most junior members of the organisation. Training should therefore be included in every organisation’s security policy. Businesses wanting to lead from the front have made annual training and incident response testing an annual, company-wide event.

To discuss Purple Teaming or any aspect of your information security, call +44 (0) 3450 21 21 51.

Or visit our website.

Follow us on Linkedin.

Or read our blog:

What’s Up with WhatsApp?

What is a vulnerability assessment and how should you use it?

A reactive mindset is today’s biggest threat to data security