Phishing attack
Phishing and spearphishing remain the two most widely used vectors for network security breaches, business email compromises and other enterprise security issues. With the number of reported email phishing attacks up for the third quarter in a row, the problem is only increasing as attackers, from APTs to unsophisticated buyers of ransomware-as-a-service on the DarkNet, understand that the weakest link in every security solution ever devised is always the human element.
Understanding why phishing attacks work and which people and departments are most vulnerable is an important part of developing your security posture. In this post we’ll take a tour of phishing techniques, vulnerable targets and organizational impacts to help you better prepare for the assault on your network, staff and business.
What Are The Business Impacts of Phishing Attacks?
As the councils of Lake City and Riviera Beach recently found out, the impact of staff that fall for a phishing link can be immediate and costly. Lake City handed hackers $460,000 to regain control of their email and servers in the same week that Riviera Beach reportedly stumped up $600,000 to recover from a similar ransomware attack. It appears that in both cases the criminals used social engineering to convince employees to click an email link which then downloaded malware to the victim’s device.
According to data collected by Proofpoint’s State of the Phish 2019 report, over the last year, 65% of phishing attacks resulted in credential theft or a business email compromise, nearly 50% led to malware infections and almost a quarter to loss of business data.
In order to achieve their goals, cybercriminals are using a range of delivery techniques to scam business employees. These include targeted and generic business emails that request invoices to be paid, invite employees to sign in to a cloud-based service in order to download or edit an online document, or threaten that an account or service will be suspended unless immediate action is taken.
Who Is Being Targeted by Phishing Attacks?
The short answer to that is: everybody! But in order to make better decisions about how to handle the threat and direct your phishing simulation and training activities, it’s helpful to get into the sticky details. Who is the most vulnerable, and what kinds of attacks do they fall for?
Cybercriminals target specific job functions and departments in different industries, depending on their goals. For example, ransomware attackers are more likely to focus on phishing campaigns that target HR inboxes, as these commonly receive large numbers of legitimate attachments. For that reason, HR staff habitually open attachments in order to get their work done, so slipping in a malicious PDF or Word document obviously has a greater chance of success there than in an inbox that does not regularly receive attached documents.
What Can I Do To Protect Against Phishing Attacks?
Evidence suggests that active training such as running simulated phishing campaigns has a measurable impact on reducing the success rate of phishing attempts but training needs to be continuous. The phishing landscape does not stand still, and staff churn is likely to mean that there will always be a portion of your workforce that is not up to speed with the training programs that you have previously offered.
There are a number of resources you can use if you don’t already have your own training programs in place, from simple but useful tests like Jigsaw’s Phishing Quiz to more convincing simulations provided by companies such as Proofpoint and KnowBe4.
On top of training, be sure that you have a good security solution like SentinelOne that can autonomously block code execution from phishing attacks, whether that is a malicious attachment or fileless malware executing in memory, and that can inspect encrypted traffic and enforce firewall control to block known phishing domains.