Fighting Against Phishing Attacks with Shadow IT Discovery

Published: 27 February 2022

Reading time: 3 minutes

The world stopped or came to a standstill in 2020, but the one thing that didn’t slow down was phishing attempts on businesses. They continued at high speed into 2021. And in the beginning of this 2022. we are witnessing a total different disaster in Ukraine, with cyber-attacks on a completely different level.

Today, phishing attack is one of the most common and serious threats over Internet where cyber attackers try to steal user’s personal or financial credentials by using either malwares or social engineering. Detection of phishing attacks with high accuracy has always been an issue of great interest.

Once attackers get hold of credentials, they immediately start to try utilizing them. In fact, according to Agari’s research (anatomy-compromised-account.pdf), stolen credentials are already being validated within 12 hours of the successful phishing compromise.

According to IBM’s 2021 Cost of a Data Breach Report, stolen user credentials were the most common attack method for attackers:
– 85% of phishing attempts went after user credentials
– 20% of data breaches started with compromised user credentials
– 82% of users admit they reuse passwords across various accounts


Most popular phishing methods employed by cybercriminals:
– 96% of phishing attacks emerged from email
– 61% of companies deal with phishing attacks via their social media channels
– 65% of targeted attacks focus on spear phishing, often aimed at stealing the credentials of top executives
– 3% of phishing attacks occur through fake websites
– 94% of malware attacks originate from emails sent to victims

Industries most vulnerable to phishing attacks based on company size, according to KnowBe4’s

Large companies
Technology – 60%
Healthcare and Pharmaceuticals – 49%
Manufacturing – 47%

Medium companies
Construction – 50%
Healthcare and Pharmaceuticals – 49%
Business Services – 44%

Small companies
Healthcare and Pharmaceuticals – 45%
Education – 42%
Manufacturing – 41%

Anti-phishing solutions have one thing in common, they are only capable of preventing phishing attacks if they recognize them. Similar to an IPS or a firewall, email filtering and web filtering solutions have a one-off chance to block dubious content and prevent employees from visiting phishing sites. If they fail, the organization is at the mercy of their employee’s vigilance.

Blacklists seem to be very ineffective due to the messy nature of the web, very similar to spam filtering, where no “one-true-blacklist” exists for all to go by.

Prevention is not possible
Once employees provide credentials, prevention has failed, and detecting fraudulent access to cloud-hosted environments with legitimate credentials is already tricky, not to mention business email compromise and other socially engineered attack vectors. But there is a silver lining, as none of the network or email-based solutions can detect the most critical step in a successful attack: when the employee enters their credentials.


There is a solution with Shadow IT Discovery
Scirge monitors corporate email and password usage via its unique Shadow IT discovery capabilites, and thus a new account on an unknown URL can immediately raise alarms. URLs for humans may be deceptive, but cold-hearted algorithms will detect if it differs from the domains previously used with the same credentials. Public domain-age information is also immediately available to correlate if the domain was registered recently.

On top of all, the fingerprinting of passwords (using one-way secure hashes) allows Scirge to identify which exact account was compromised within a few seconds. In case an LDAP, AD or other high impact credential was provided on a new domain, password reset and warnings to employees can be issued immediately.

Detecting phishing attacks that were not prevented by email filters, network traffic filtering or via user awareness is the last line of defense that could and should be added on top of every other layer. Similar to NDRs, EDRs and XDRs watching for compromised networks, Scirge adds phishing detection on top of other existing preventive measures.

ALFATEC Group can offer you Shadow IT Discovery solution. Contact us!

To make this website run properly and to improve your experience, we use cookies. For more detailed information, please check our Cookie Policy.

  • Necessary cookies enable core functionality. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.