Hackers often use vulnerabilities and exploit kits to break into victims' systems, but human intervention is also needed for greater success. According to Proofpoint's annual report, 99% of hacking campaigns are based on human error, that is, on users opening malicious attachments.
Of course, it is not right to blame users for falling victim to phishing attacks. Hackers have evolved their techniques and their attacks are increasingly complex. It is often hard to distinguish a malicious email from a normal one. Scammers do what they can to make the message look normal. In addition, they make sure the email appears to come from a trusted person (a friend, colleague or manager) or from a well-known company or service such as Microsoft or Google.
This technique, social engineering, is essential for successful attacks.
In addition, Proofpoint's report showed that hackers, before attacking, learn some basic things about the victim's work and day-to-day life. They do this so that they can act in a way that will not raise suspicion and so increase their chances of success. For example, an email sent in the middle of the night that is supposed to come from the manager may look suspicious (if the manager does not usually send emails at night). But if it is sent during working hours, it would seem normal.
Phishing attacks are among the most effective attacks in cyberspace. Many hackers prefer them because they are cheap and easy and have a high success rate.
Kevin Epstein, vice president of online threats at Proofpoint, said cybercriminals choose this method of attack because sending fake emails with malicious attachments and stealing credentials is much easier and more profitable than creating a costly and time-consuming exploit, which in the end may not be successful.
He then said: "To reduce risk significantly, organizations need a holistic approach to safety in cyberspace, which will include effective training and awareness raising of employees on security and multilevel defense."
Hackers are evolving their techniques to make emails look legitimate and normal. However, a wary user can still detect malicious activity.
For example, emails that arrive unannounced and ask for something to be done immediately (that is, something urgent) can be suspicious. If the user or employee is not sure, they can contact the sender to check whether all is well.
In addition, when an email appears to come from a cloud service, users should know that Microsoft and Google do not require users to follow unrelated links and enter their credentials there.
Finally, businesses and companies should take care of the security of their systems by applying regular updates and using protection programs, in order to avoid any malicious software in case an employee opens a malicious attachment.