In this concluding post on the topic of Spear Phishing, allow me to share something which happened to one of our clients last week.
One of the dangerous issues we currently face with spam emails is that of spear phishing – a type of phishing spam email targeted at the recipient. While most spam deploys a shotgun approach (send billions of emails and see what sticks), spear phishing attacks are specifically aimed at the recipient, requiring hackers to do homework on the targeted victim. It is by no means random.
If it hasn’t already been dubbed “The Year of Ransomware,” 2016 is well on its way to earning that title. Even though ransomware has been around since 1989 (starting with the AIDS Trojan), we’ve seen a spike in the number of incidents over the past couple years that has left us wondering: Why ransomware? Why now?
Cybersecurity experts from Network Box USA, Proficio and Securonix commented on news that a 2012 breach of LinkedIn member information was much larger than originally reported, and that the data is available for purchase online.
“If the hackers are stealthy and not cocky, a small, slow leak of data from a database may, on the surface, appear to be a simple query, and finding out the data is actually being stolen, will be hard,” [Pierluigi] Stella said.
The way security should ideally be approached is by integrating it within the business processes as, for instance, process plants do with their physical security. You don’t walk into a refinery and define a new business process without keeping very closely in mind that the whole plant might blow up if you aren’t careful.
The general issue of security needs to be put into proper perspective – anything made by humans can, and will be, broken by humans; and in reality, those who break always have an advantage – they’re working with something that exists, and have the luxury of time to try and figure out how to break it.