The NSA, FBI and Multi-State Information Sharing and Analysis Center (MS-ISAC) have published a report on “stopping the attack cycle at phase one.” Get it here.
“The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint guide to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. This will help to reduce the impact of phishing attacks in obtaining credentials and deploying malware…
…The guidance for software manufacturers focuses on secure-by-design and -default tactics and techniques. Manufacturers should develop and supply software that is secure against the most prevalent phishing threats, thereby increasing the cybersecurity posture of their customers.”
The report will not surprise cyber security experts, but it includes highly-detailed mitigation steps in a clear process, augmented by useful links.