New Cyber Squadron ‘tip of the spear’ in military defense
|
Tag Archive for: Spear
Spear phishing tough to block, even when using automation tools
/in Mobile SecurityTrying to filter out phishing emails is tough work, even for organizations trying to find a better way through automation, according to a new study from security software company GreatHorn.
The company makes software that seeks out phishing attempts and can autonomously block them, but even its customers don’t switch on all the features, according to GreatHorn’s study of how customers dealt with just over half a million spear phishing attempts.
The most common autonomous action, taken a third of the time against suspicious emails, was to alert an admin when a policy was violated and let them decide what to do. This option is also chosen in order to create a record of potential threats, the company says. Another 6% of emails trigger alerts to the recipients so they can be on the lookout for similar attempts.
To read this article in full or to leave a comment, please click here
At Black Hat: A free tool for spear phishing Twitter
/in Mobile SecurityA spear phishing tool to automate the creation of phony tweets – complete with malicious URLs – with messages victims are likely to click on will be released at Black Hat by researchers from ZeroFOX.
Called SNAP_R (for social network automated phisher with reconnaissance), the tool runs through a target Twitter account to gather data on what topics seem to interest the subscriber. Then it writes a tweet loaded up with a link to a site containing malware and sends it.
More on Network World: FBI needs to beef-up high-tech cyber threat evaluations says DoJ Inspector General+
To read this article in full or to leave a comment, please click here
New tool from Cloudmark is designed to defend against spear phishing
/in Computer SecurityThis column is available in a weekly newsletter called IT Best Practices. Click here to subscribe.
The nature of how cyber attacks start is changing. Today’s malicious actors are not merely opportunistic, they know what information they want and who to target to get at it. For example, the 2014 breach at JP Morgan reportedly began when an IT employee opened a specially-crafted email and was tricked into providing credentials to a vulnerable internal machine. Attackers used the privileges of that person’s credentials to move around the network until they were able to find and exfiltrate 83 million records in one of the largest data breaches of the year.
To read this article in full or to leave a comment, please click here