Businesses Require New Techniques to Combat Phishing
Posted: Sunday, Jul 04

i 3 Table of Contents

Businesses Require New Techniques to Combat Phishing
From KBI

The Verizon 2018 Data Breach Investigations Report provides valuable insights into emerging phishing threats. CISOs, IT managers and cybersecurity consultants should be aware of new phishing techniques this report raises in order to better manage the associated risk they bring.

The most exciting finding in this year’s report is the increased sophistication and prevalence of social engineering. Cybercriminals have taken social engineering to a new level by NOT using malicious file attachments or hyperlinks in emails. Rather, criminals impersonate a person of authority, colleague or business partner. They establish trust by communicating with the victim over time and then ask the victim to pay a bill, send money or take other actions that can be monetised.

The other notable detail in the report is that the majority of malicious file attachments are not executable files but script files such as JavaScript, VB Script, Microsoft Office documents and PDFs. Malicious script files with malicious code are easily and inexpensively changed to bypass traditional email filters. Hence these scripts should be neutralised by an email gateway.

Lastly, the report states that 37% of malware hashes appear once, never to be seen again. This means that traditional antivirus software or spam filters are not capable of identifying and blocking phishing emails with malicious code inside. The only should have a malware sandbox instead to analyse the file attachments for malicious intent before they hit the recipients’ mailboxes. An effective way to detect these threats is to run them through a malware sandbox.

>> Read the full report here <<

* * *
The Production Team
The KBI Production Team is a staff of specialist technology professionals with a detailed understanding across much of cybersecurity and emerging technology. With many decades of collective industry experience, as well as expertise in marketing & communications, we bring news and analysis of the cybersecurity industry.
Share This