Businesses Require New Techniques to Combat Phishing
by Gabor Szathmari

The Verizon 2018 Data Breach Investigations Report provides valuable insights into emerging phishing threats. CISOs, IT managers and cybersecurity consultants should be aware of new phishing techniques this report raises in order to better manage the associated risk they bring.

The most exciting finding in this year’s report is the increased sophistication and prevalence of social engineering. Cybercriminals have taken social engineering to a new level by NOT using malicious file attachments or hyperlinks in emails. Rather, criminals impersonate a person of authority, colleague or business partner. They establish trust by communicating with the victim over time and then ask the victim to pay a bill, send money or take other actions that can be monetised.

The other notable detail in the report is that the majority of malicious file attachments are not executable files but script files such as JavaScript, VB Script, Microsoft Office documents and PDFs. Malicious script files with malicious code are easily and inexpensively changed to bypass traditional email filters. Hence these scripts should be neutralised by an email gateway.

Lastly, the report states that 37% of malware hashes appear once, never to be seen again. This means that traditional antivirus software or spam filters are not capable of identifying and blocking phishing emails with malicious code inside. The only should have a malware sandbox instead to analyse the file attachments for malicious intent before they hit the recipients’ mailboxes. An effective way to detect these threats is to run them through a malware sandbox.

>> Read the full report here <<

* * *

Author’s Links

Gabor Szathmari

Share This