One Article Review

The article:
Source AlienVault Lab Blog
Identifier 8394756
Publication date 2023-10-12 10:00:00 (seen: 2023-10-12 15:07:10)
Title The evolution of phishing attacks
Text A practical guide to phishing and best practices to avoid falling victim.

Introduction

Over the past several years, remote and hybrid work has quickly gained popularity amongst those seeking to reduce the amount of time on the road or to improve their work/life balance. To accomplish this, users are often working from multiple devices, some of which may be company issued, but others may be privately owned. Cyberattackers have leveraged this trend to bypass traditional security controls using social engineering, with phishing attacks being a favored tactic. In fact, the FBI Internet Crime Report issued in 2022 reported phishing as the top reported internet crime for the past 5 years. Its ability to persuade individuals to divulge sensitive information to seemingly familiar contacts and companies over email and/or SMS text messages has resulted in significant data breaches, both personal and financial, across all industries. Mobile phishing, in particular, is quickly becoming a preferred attack vector among hackers seeking to use it as a jump point to gain access to proprietary data within a company’s network. This article provides an overview of the origins of phishing, its impact on businesses, the types of mobile phishing attacks hackers employ, and ways in which companies can best defend themselves against such attacks.

The origins of phishing

The belief among many in the cybersecurity industry is that phishing attacks first emerged in the mid-90s, when dial-up was the only means of gaining access to the internet. Hackers posing as ISP administrators used fake screen names to establish credibility with the user, enabling them to “phish” for personal log-in data. Once successful, they were able to exploit the victim’s account by sending out phishing emails to other users in their contact list, with the goal of scoring free internet access or other financial gain. Awareness of phishing was still limited until May 2000, when Love Bug entered the picture.

Love Bug, a highly effective and contagious virus designed to take advantage of the user’s psyche, was unleashed in the Philippines, impacting an estimated 45 million Windows PCs globally. Love Bug was sent via email with the subject line reading “ILOVEYOU”. The body of the message simply read “Kindly check the attached LOVELETTER coming from me”. Users who couldn’t resist opening the message unleashed a worm virus that infected and overwrote users’ files with copies of the virus. When the user opened the file, they would reinfect the system. Love Bug elevated phishing to a new level, as it demonstrated the ability to target a user’s email mailing list for the purpose of spamming acquaintances, thereby incentivizing the reader to open his/her email. This enabled the Love Bug worm to infect computer systems and steal other users’ passwords, giving the hacker the opportunity to log in to other user accounts and gain unlimited internet access.

Since Love Bug, the basic concept and primary goal of phishing have remained consistent, but the tactics and vectors have evolved. The window of opportunity has increased significantly for hackers with the increased use of social media (e.g., LinkedIn, Twitter, Facebook). This provides more personal data to the hackers, enabling them to exploit their targets with more sophisticated phishing tactics while avoiding detection.

Phishing’s impact in the marketplace today

Phishing attacks present a significant threat for organizations, as their ability to capture proprietary business and financial data is both costly and time consuming for IT organizations to detect and remediate. Based on a
Sent Yes
Tags Ransomware Malware Tool Threat Prediction
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.