Archives for November 2015

Why phishing attacks are nastier than ever

Roger Grimes explains “Why phishing attacks are nastier than ever.”  Here are they key reasons why many infosec professionals consider spearphishing emails the number one attack vector:

  • The attack is handcrafted by professional criminals
  • The attack appears to be sent by someone you know
  • The attack includes a project you are working on
  • Your attacker has been monitoring your company’s email
  • Your attacker can intercept and change emails as needed
  • Your attacker uses custom or built-in tools to subvert antivirus software
  • Your attacker uses military-grade encryption to tunnel your data home
  • Your attacker covers their (sic) tracks
  • Your attacker has been in your environment for years
  • Your attacker is not afraid of being caught

Roger does have some good administrative process recommendations. I would also recommend a couple of advanced technical controls.