Wednesday, 9 December 2015

Spear phishing cyber attacks successful 17-35% of the time

In mythology mermaids would lure sailors onto the rocks with the beauty of their singing.

Today spear phishers target companies and individuals with custom made malware that provides full system access. This is delivered mostly via email which appears legitimate and entices the receiver to click on a link of some kind in return for information or reward.

Once clicked systems can be completely taken over and valuable IP taken and the reputation of the company trashed.

As the attack is custom made automated detection systems mostly miss the threat as they cannot by definition exist on any previous scanning database

No real surprise then that according to Arun Vishwanath, Associate Professor at the University of Buffalo, these attacks are so successful. In 2014 there were apparently 400 million cyber attacks in the USA so the scale of this threat is huge (a favourite term of that odd man Donald Trump)

The easiest defence against spear phishing  is never to open an email from someone you don't know and most particularly not to click on links of files within that email. It is also necessary to check exact email addresses as spear phishers are keen on email addresses that look very similar to addresses you might know.

That coming awareness will badly damage email marketing and introduce some healthy caution into how companies and individuals manage their digital affairs. Slapping on a free anti-virus and hoping for the best will start to look negligent.

No comments:

Post a comment