Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people. While organizations continue evaluating and investing in their technology-based security layer, the human layer continues to be the most enticing and vulnerable attack vector. This marks the sixth consecutive year that KnowBe4 has analyzed hundreds of millions of data points in order to provide our annual Phishing by Industry Benchmark Report.

Cybercriminals often use phishing emails to get you to click on malicious links or attachments. Clicking on these scams can trigger a malware infection that places all your sensitive data at risk of becoming compromised. Before deciding to click on an attachment, you should make sure it’s safe to open.

A phishing campaign is spoofing the major German media conference Anga Com, according to Jeremy Fuchs at Avanan. “A central part of any conference for a company is to garner interest for their company,” Fuchs explains. “Many conferences will give over lead lists for companies to follow up on. This can be a significant source of potential revenue for companies. This is not the usual fare for hackers.

Phishing attacks are a major cyber threat that continue to evolve and become more sophisticated, causing billions of dollars in losses each year according to the recent Internet Crime Report. However, traditional offline or inline phishing detection engines are limited in how they can detect evasive phishing pages. Due to the performance requirements of inline solutions, they can only target specific campaigns and, at best, act as a basic static analyzer.

Microsoft describes a sophisticated phishing campaign that targeted several financial organizations. “Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations,” the researchers write. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations.

New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it. Cybercriminals know the more targeted a phishing attack – from the email theming to the impersonation to the intended victim – the more likely the attack will be a success.

The recent discovery of a zero-day vulnerability in a well-known email security product further underscores the importance of robust email security that can effectively counter advanced email threats, offer a defense-in-depth approach, and operate in the cloud or on-premises. To start, if you believe you have suffered a breach, Trustwave’s Digital Forensics and Incident Response (DFIR) is ready and online to take your call and start helping your organization recover. Click here.

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.