{"id":7077,"date":"2014-10-23T05:00:43","date_gmt":"2014-10-23T12:00:43","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=7077"},"modified":"2016-12-09T11:13:20","modified_gmt":"2016-12-09T19:13:20","slug":"knowledge-power-using-cyber-scrutiny-defend-phishing-attacks","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2014\/10\/knowledge-power-using-cyber-scrutiny-defend-phishing-attacks\/","title":{"rendered":"Knowledge Is Power: Using Cyber Scrutiny To Defend Against Phishing Attacks"},"content":{"rendered":"

If you purchased an iPhone 6 recently, you probably received this email:<\/p>\n

\"apple<\/span><\/div><\/a><\/p>\n

Some of you may have even clicked the \u201cVerify Now\u201d link and entered your Apple ID account information. I hope not, though, because this email is not<\/em> from Apple. It\u2019s a phishing email meant to trick recipients into giving sensitive information to the attacker who sent it.<\/p>\n

This email illustrates two things:<\/p>\n

    \n
  1. Attacks are more sophisticated as cybercriminals get smarter and craftier.<\/li>\n
  2. An increased level of understanding regarding cyber attacks is needed, not just within the corporate community, but within the general public as well.<\/li>\n<\/ol>\n

    The market for enterprise network and cybersecurity grows each year highlighting the emphasis companies are putting on preventing modern threats from infiltrating their internal networks. However, the impetus is focused on technological preventative measures. Could an education in cybersecurity \u2014 who the attackers are, what they\u2019re after, and the appropriate level of scrutiny that should be practiced \u2014 significantly bolster an enterprise\u2019s cyber defense?<\/p>\n

    Yes. In 2011, RSA was the target of a spear phishing attack<\/a> made successful by at least one employee opening the malicious attachment even after their spam filter had correctly placed the email in the \u201cjunk\u201d folder. RSA suffered a data breach as a result.<\/p>\n

    \u201cAt least RSA\u2019s SPAM filters were working, even if their social engineering training for employees was not,\u201d -Avivah Litan, Gartner Analyst<\/h5>\n

    More recently, a spear phishing attack targeting physicians at a Tacoma-based medical group<\/a> led to the breach of 12,000 patient records. Emails were crafted to appear as though they were sent from the group\u2019s parent company, and prompted targets to click on a link and enter their email account username and password. The group has since rolled out a company-wide phishing prevention system, including retraining the employees who fell for the initial phishing email.<\/p>\n

    Spear phishing attacks are:<\/p>\n

    Lucrative. <\/strong>The black market for data is huge, estimated at multiple billions of dollars, meaning that the person or organization behind the attack may not actually use what they steal to make money. Unfortunately, this also means they\u2019re more difficult for authorities to track down.<\/p>\n

    Successful.<\/strong> Because hackers take pains to get their targets to fall for their schemes, they know what company and department you work for, what applications you use, who you report to, and what kinds of projects you\u2019re likely working on. They know which job titles are likely uninformed or unwary of potential threats. This makes spear phishing campaigns one of the most highly-favored APT attack methods.<\/p>\n

    Simply a means of getting in.<\/strong> Once a target is duped into clicking a link, opening a file, etc., the attacker can carry out his mission, whether it\u2019s stealing personal information, using a target\u2019s personal account to transfer money, extract intellectual property or insider information.<\/p>\n

    A real threat to both corporate and consumer spheres.<\/strong> Both have data that attackers want to use to make money, and most people who work for targeted companies have a home computer or mobile device for personal use that is not<\/em> protected by enterprise network or endpoint security policies.<\/p>\n

    Recognizable\u2026 <\/strong>sometimes, if you know what you\u2019re looking for.<\/p>\n