Key Findings – Email Attacks: This Time, It’s Personal
Like almost all types of cybercrime exploits, the success of targeted attacks relies on technical holes and the all-too-human tendency to misplace trust. Targeted attacks are the most elusive threat to protect against and have the potential to deliver the most potent negative impact. Very low in volume, they focus on a specific individual or group under cover of anonymity provided by specialized botnet distribution channels. Typically, they rely on malware or APTs (Advanced Persistent Threats) to harvest desired data over a period of time. An example of a targeted attack is the infamous Stuxnet worm, which had the potential to severely disrupt industrial computing systems and could traverse non-networked systems, thus placing at risk even systems unconnected to networks or the Internet.
Spearphishing attacks, though more costly to mount and lower in volume than mass spam attacks, also pose serious consequences for today’s enterprises. Many spearphishing attacks ultimately lead to financial theft, making them both highly dangerous to victims and highly valuable to cybercriminals. Spearphishing campaigns, which are a highly customized evolution of the traditional mass attack technique of phishing, can net 10 times the profit of a mass attack.
The global study focuses on perspectives from 361 information technology professionals from 50 countries andwas compiled by Cisco Security Intelligence Operations, which provides real-time threat intelligence to help Cisco stay ahead of the latest cyber threats. Cisco SIO is the world’s largest cloud-based security ecosystem, using SensorBase data of almost 1 million live data feeds from deployed Cisco email, Web, firewall and intrusion prevention system (IPS) solutions.
Download the full report – Email Attacks: This Time It’s Personal]]>
Well, there is apparently a new kind of Craigslist spear phishing attack, but the attacker chose the wrong victim and now we all get to learn from the experience. A Microsoft security researcher was almost duped into surrending his Craigslist credentials.
Check out this Microsoft Malware Protection Center blog post for details of the attack, and how it was identified and avoided. The following are some basic guidelines from the blog post that you can use to avoid becoming a victim of a similar attack: