Continuing our ongoing series of expert predictions, the following come from Netskope Threat Labs, including what we see on the horizon for software supply chain, phishing, and ransomware.
Phishing operations will increase in sophistication to bypass MFA
Phishing is a social engineering technique. You need to find someone with their guard down and convince them that you are legitimate, and they should either give you their password or otherwise authorize you to access their accounts. MFA has long been touted as a “solution” to the phishing problem, but what it really does is force attackers to change tactics. Between easy-to-deploy reverse proxy phishing tools and techniques for abusing OAuth workflows to sidestep MFA and gain direct access to cloud apps, we expect to see an increase in sophistication in targeted phishing attacks to bypass MFA. -Ray Canzanese, Director, Threat Research
Software supply chain security will be a bigger focus for organizations.
There has been a significant increase in softw