#CyberFLASH: New reports warn of extent of phishing

Phishing is one of the easiest ways an attacker can infiltrate malware into an organization or trick victims into going to a fake website, with one vendor saying it found one million confirmed malicious phishing sites in 2015. Unfortunately, the strategy also lends truth to the old adage that people are the weakest link in security.

Two reports released by vendors on Thursday hope to give CISOs a little more insight into phishing attacks.

One, from PhishLabs, says it is currently tracking more than 90 threat actor groups that use spear phishing, with experience ranging from novice cybercriminals to advanced nation-state cyber operations. The number of organizations targeted with so-called Business Email Compromise (BEC) spear phishing attacks, which are aimed narrowly at senior officials with the phishing mail impersonating an executive, grew tremendously in 2015, it adds.

“Phishing attacks are cheap, easy to execute and difficult to stop,” it says. “People will continue to fall for phishing attacks. No security tool or training regimen will prevent that from happening. But by detecting phishing attacks early, when they are launched and as soon as they reach inboxes, it is possible to stop the attack and prevent the consequences even if someone does initially fall victim.”

Other significant findings include:

  • 90 per cent of consumer-focused phishing attacks targeted financial institutions, cloud storage/file hosting sites, webmail and online services, e-commerce sites, and payment services;
  • Gmail is used for more than half of all data drop email accounts, making it the top webmail service used by attackers to receive credentials stolen in phishing;
  • Social media is a primary promotion and distribution channel for consumer-focused phishing kits and related goods or services;
  • Techniques to evade your automated detection of phishing attacks and to prevent analysis of attack components are becoming more commonplace, even among less sophisticated threat actors.

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.