Thursday, December 10, 2015

You can never get enough phishing time

We’ve mentioned phishing in the past, but spear phishing is a variant that targets specific individuals, typically after much research and preparation on the selected recipients-to-be. The result is a much more directed, customized message to people who have more, or more critical, access to the crown jewels, AKA confidential data, technology and business secrets/IP. With the proliferation of social media, your LinkedIn account, along with your Facebook, Twitter and Google+, can be a gold mine for profiling you and the would-be downstream targets connected to you. Reconnaissance is just the start, and the digital trace of where you are, where you go, what you publish and how you behave on the Internet is key to your worth.
The rate of success has increased, and these messages are more difficult to detect. According to Symantec, the average number of spear phishing emails spiked to 42 per day in January 2016 from 33 just last December (proportionally rising to 1 in every 1,004 emails). Like phishing, these emails tend to be accompanied by an attachment, and the numbers show 46% were .doc files (up from 26% in December vs. January). Additionally, the most-targeted organizations were those with 1-250 and 2500+ employees, with 35% and 32% of the cases respectively (by industry, finance, insurance and real estate led the pack at 29%, followed by manufacturing at 21% and wholesale at 12%).

Good practices and safety extend beyond corporate compliance in an organization. Cyber-safe practices must be carried through to your personal / social forums by limiting what you post about yourself and the organizations you work for; remember that what you post online can be shared and go viral, particularly on the dark web. Organizations can help build awareness by providing relevant security training (perhaps based on employee behavioral analysis), rewarding good behavior instead of punishing bad behavior, soliciting/collaborating with marketing and sales teams, and, of course, routine penetration testing.
For a good overview of social engineering red flags, check out KnowBe4’s pictorial example.
