One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1870140
Publication date 2020-08-19 11:00:00 (viewed: 2020-08-19 11:13:01)
Title How to check the effectiveness of phishing
Text This blog was written by an independent guest blogger. You can install the latest generation of security software to protect against evil hackers, but what use is it if your employees keep following phishing links? Several security companies conduct social and technical research into real-life phishing attacks aimed at different businesses and are impressed by the scale of the problem. The purpose of such studies is not only to understand how hackers deceive staff and which hooks they use, but also to draw the right conclusions about what type of security awareness training to use and how often it is needed. One of the security companies I work with sent more than 15 thousand “phishing” emails to corporate mailboxes in 2019. Let’s see their results. What is inside the phishing email? According to statistics, last year phishing became the most popular tool for penetrating companies’ infrastructure: attackers used this method in 70% of attacks. RDP hacking came second. Broadly, every phishing email tries to provoke the user into one of two actions: clicking a phishing link or opening a malicious attachment. During pentest projects, depending on the final task, researchers send employees several emails with either a link to a web form for entering account credentials or Microsoft Office documents with malicious macros. Most messages use harmless files that let researchers track only the fact that a link was followed or an attachment opened. Sometimes, however, researchers send documents containing macros that give them remote access to workstations. Using such messages, researchers can check not only the vigilance of employees but also the reliability of the protective measures in place. The main task of each such project is to make the “phishing” email look as realistic as possible.
Researchers try to craft emails and build the overall logic of the attack the way a real cybercriminal would, assuming, for example, that the attacker’s goal is to gain access to the correspondence of the company’s top management. Usually, attackers start by harvesting information about the company from open sources. In one of the cases, our “attackers” discovered Outlook Web App, as well as news about a 0-day vulnerability in a browser used by this company. An attacker preparing for an attack considers all possible ways to achieve the desired goal and selects the most suitable and effective one. What was found? From our experience, users are more likely to open file attachments than to provide their data via a web form. In each of the companies tested, several employees opened attachments without any delay. Among the email topics used, corporate bonus programs (employee discounts, corporate offers from partner companies) turned out to be the most effective: about 33% of addressees reacted to such emails. Second came emails asking employees to read new corporate rules or other important corporate documents. Attacks tied to current events are especially successful. For example, in December it is highly effective to offer victims a chance to check the work schedule for the upcoming holidays or to find out about discounts on holiday events. This spring, the hottest topic, of course, was COVID-19. 15% of the
Sent Yes
Tags Malware Tool Studies
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.