Multi-Channel Attacks Are on the Rise, This Is How Security Teams Can Step Up

Cyber criminals are using ever more complex tactics to infiltrate your business, with one scary one being multi-channel attacks. Today’s threats don’t just arrive in phishing emails, they span Teams / Slack, SMS text messages, cloud apps and voice phishing (vishing) and often these strikes combine several of these in a single attack.  

In this article we’ll look at some real-world examples, cover steps you need to take to protect your organization against them, related statistics and why you need layered defenses to combat them.  

What Are Multi-Channel Attacks and Why Are They Growing? 

A multi-channel attack is where the attack utilizes different vectors to reach their target, often strung together into an attack chain.  

The rise of QR code phishing

There are many variants here and given the ingenuity and adaptability of cyber criminals, we’ll see many new combinations in the next few years, but as a starting point, consider QR code phishing. 

This type of phishing email became “popular” back in 2023, by embedding links to websites in QR codes in an email the attackers achieved two goals – email hygiene solutions that scan links in emails looking for malicious targets often couldn’t understand QR codes and simply saw them as harmless images, plus when the victim received the email, they’d scan the QR code with their phone. 

This moved the attack from a (likely) locked down and protected corporate laptop to the user’s personal smartphone which has a lot less protection. By switching from one channel to another, the likelihood of compromise increases.  

Exploring other attack variants

Another flavor is called spam bombing, where a user’s email address is signed up to thousands of email newsletters, flooding their inbox with junk, making it impossible for the user to find legitimate emails. 

Handily a message pops up in WhatsApp or Teams from “IT Support” offering to help out, with the pretext here obviously that support can’t email the victim as the email would get lost in the sea of spam. 

The next step is often for the user to download a “cleanup tool” that compromises the victim’s computer, acting as a beachhead into the business for further compromises.  

A variant of this is where “support” doesn’t send a message in Teams but instead calls the user. This type of attack is becoming more prevalent, with various types of vishing having success against traditional defenses. 

The human factor in cyber security

Cyber security tools tend to focus on the computer related aspects of attacks, but ultimately the weakest link is us humans. 

You might train your users to be vary of suspicious emails or Teams messages, but they’re much more likely to trust a helpful person on the phone, especially if the attacker spends time building up rapport with them and also has the right answers about the person they’re impersonating if asked. 

There’s obviously overhead for the attackers in vishing, write a phishing email once and you can send it to million potential victims, whereas in a call you’ll need to spend time with each user, plus make sure you speak the language well enough to not arouse suspicion. 

But the payoff can be huge, hence we’re seeing these attacks on the rise. 

The intricacies of phishing links

Most phishing links also uses many layers of redirection from site to site, often incorporating Captchas and other anti-bot technology to block link scanners, but allow humans to continue to the eventual phishing page.  

Another recent multi-channel attack type is device code phishing against Microsoft 365 tenants. 

Here, criminals take advantage of an inbuilt but rarely used feature that allows you to sign into M365 on a device with limited input support (smart TVs for example), by signing in on a computer, and receiving a code that can be entered on the device. 

This again demonstrates the power of tricking users by moving from one channel to another.  

Challenges amid remote work

The increase of remote work adds pressure to these risks, as users are less likely to know each other (except for images in video meetings), thus trust building and knowing who’s an impostor or not is harder.   

Is your helpdesk (generally the lowest paid tier in IT departments) trained in spotting suspicious calls, and do you monitor them effectively enough to spot bribery or coercion tactics? 

The recent successful attack against crypto exchange Coinbase for example used bribes and targeted an outsourced service provider, where at least one staff member was taking photographs of confidential client information with her personal smartphone. 

This tallies with the statistic that the main challenge (26%) for companies worldwide is vulnerabilities in complex supply chain interdependencies.  

The high-profile attacks against two casinos, Caesars Entertainment and MGM Resorts International in 2023 bypassed all the normal cyber defenses and instead relied solely on social engineering and bribes for helpdesk staff to reset MFA methods for privileged accounts.  

In other words – have you examined your cyber defense posture, not just from a point of view of phishing emails or users downloading malware, but from all the different channels that criminals will use to reach your users? 

How Security Teams Can Adapt to the New Threat Landscape 

The upshot of this is that you need to have monitoring systems in place, not just for email hygiene, but also for Teams messages and other channels of communication that your business uses. 

Your security teams can’t defend against what they can’t see, so they need visibility everywhere. However, having several point solutions for each avenue in a multi-channel attack is also counterproductive, as this puts the load on the SOC analysts to manually correlate between alerts in different systems. 

Make sure you integrate the different solutions to give a wholistic view.  

You also need automated responses. Gone are the days where security tools could operate on the principle of “this seems weird, possibly malicious, alert a human”. 

This leads to the SOC drowning in low fidelity alerts and likely missing the signal in the noise. 

Instead, you need advanced systems that use Machine Learning models to understand signals from multiple sources and accurately identifies actual malicious attacks and presenting all the relevant information to the analyst, improving response times and accuracy. 

An example of this category of tools is 365 Total Protection. 

The Role of 365 Total Protection in Defending Microsoft 365 Users 

365 Total Protection offers a holistic and integrated suite of protections for email, Teams, SharePoint, OneDrive and more. 

It provides spam and phishing protection and email encryption to ensure that your sensitive information is only available to intended recipients of it. 

Advanced Threat Protection gives you state-of-the-art email hygiene, catching Business Email Compromise (BEC), QR code phishing and scanning links, not only in emails but also in Teams messages. 

Attachments are opened in our Sandbox Engine and only delivered to the user’s inbox when deemed safe. 

There’s also Security Awareness Service and Phishing & attack simulation to train your users to be aware of multi-channel attacks, Permission Manager for your OneDrive and SharePoint sites, AI recipient validation, comprehensive backup of your Microsoft 365 data in case every other layer fails, and much, much more.  

Real-Time Threat Intelligence and Automated Defense 

365 Total Protection detects and stops threats across the different channels using AI and Machine Learning to catch what others miss. 

And the unified dashboard means your defenders don’t have to switch between tools to understand a multi-channel attack, it’s all visible in one place. 

And if all of these layered defenses fail, 365 Total Backup allows you to recover email, Teams, SharePoint or OneDrive data, from individual documents or emails deleted by mistake to entire mailboxes or sites after a compromise.  

Building a Resilient Defense Strategy for Multi-Channel Threats 

Teach your defenders to understand the risks of multi-channel attacks, and non-traditional types of infiltration, such as social engineering of help desk staff. 

Ensure they have a holistic view of your environment, if staff are using Teams for communication for example, make sure your tools protect them against phishing messages, malicious files and dangerous links.  

Various cyber regulations such as GDPR, NIS2, HIPAA and others are increasingly focused on the need for multi-channel protection, another sign that it’s important to take the risk seriously. And make sure you train your users to be aware too. 

Security is everyone’s responsibility, you need to build a cyber security awareness culture, which doesn’t start with posters and slogans, but starts with leadership from the C-suite. 

Follow up with regular training and phishing simulations where users are sent emails or Teams messages that mimic real attacks, and if the user clicks the link or opens the attachment, they receive additional training.  

---

Step Up Your Defense with 365 Total Protection 

Today’s cyber threats aren’t just coming through your inbox. With attackers exploiting email, collaboration tools, and other channels, your security strategy needs to evolve. 

Hornetsecurity’s 365 Total Protection delivers full Microsoft 365 security – from email and Teams to backup and threat prevention. 

• Detect and block phishing across platforms 
• Get real-time protection with AI-driven threat detection 
• Simplify management with a unified security dashboard 
• Recover quickly from any incident with full backup and continuity 

Don’t leave gaps in your defenses – schedule a free demo today to secure your entire Microsoft 365 environment. 

---

You Can’t Fight Tomorrow’s Threats with Yesterday’s Tools 

Multi-channel attacks are here to stay, and they’ll only become more complex and combine different vectors going forward. 

You need a comprehensive solution like 365 Total Protection in your corner, and you need to evaluate whether your current cyber defenses are up to protecting you against multi-channel attacks.