
Jan 30, 2019
Blog, News, Press

As 2018 drew to an end, many cybersecurity reports published their findings on the most common types of attacks that targeted small and large organisations. Let’s take a closer look at an evergreen method of cybercrime: social engineering, and more specifically phishing.

Social engineering focuses on human interaction; its aim is to manipulate people into giving up confidential personal and/or company information for malicious purposes.

Phishing is the most common vector of cyberattacks. Via email, criminals can extract valuable personal information or login credentials, which can prove costly for organizations when a data breach or incident affects them. Spear phishing is an even more targeted form of phishing, where the attacker personalises the attack by doing extensive research on the target in advance to make the attack more likely to succeed.

Phishing attacks are on the rise year by year as hackers and their techniques become more sophisticated. The focus in 2018 shifted from private individuals to more and more attacks targeting businesses.

“Overall, phishing attacks in 2018 were up from 2017. In addition, more organizations were affected by all types of social-engineering attacks (phishing, spear phishing, SMS phishing, voice phishing, and USB drops) year over year.

“Infosecurity professionals reported a higher frequency of all types of social engineering attacks year over year. Phishing increased to 83% versus 76%. Spear phishing increased to 64% from 53%.”

(Source: Proofpoint: Annual state of Phish report)

 

Why is phishing so attractive?

Phishing’s popularity is mainly due to the fact that it requires only a limited amount of technical know-how. Instead, it relies on understanding basic human nature in order to anticipate the target’s reaction to an attack and thus maximize its success. It yields maximum profit for the attacker with minimum effort. In addition, most companies and individuals tend to trust and rely too much on technical measures in protecting against phishing attacks and overlook the human factor of cybersecurity.

 

The human factor

The human factor is one of the biggest threats to cybersecurity nowadays, second only to malware. A recent report by Kaspersky Lab states that 52% of businesses are worried about data breaches stemming from their employees and acknowledge that employees (especially non-IT employees) are the weakest link in their cybersecurity strategy.

According to another report, Symantec’s 2018 Internet Security Threat Report (ISTR), 54.6% of all email is spam and the average user receives 16 malicious emails a day. That leaves a lot of opportunity for human error to sneak in and wreak havoc.

“Against the backdrop of a complex and growing cyber threat landscape, where 57% of businesses now assume their IT security will become compromised, businesses are also waking up to the fact that one of the biggest chinks in their armor against cyberattack is their own employees. In fact, 52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.”

 

Exploiting fear and obedience

Hackers like to induce fear with their phishing campaigns and thereby prompt a careless response from an employee. Say an email from the bank reports that the company account has been compromised. Many employees would worry about the consequences they might face if the problem isn’t solved fast, and so they will often comply too rashly, without questioning whether the request is really legitimate. The hackers usually add a sense of urgency to further manipulate the victim and obtain a quicker result.

Another trick exploits employees’ readiness to obey instructions that come from cybercriminals posing as executives. Attackers use spoofing to create credible-looking email addresses, and employees rarely think twice about the legitimacy of such emails.

CEO fraud, or business email compromise (BEC; formerly known as man-in-the-email scams), is one such impersonation attack. Attackers usually target employees who have access to company finances or who have the authority to conduct wire transfers from company accounts. They then trick these employees into transferring money that ends up in the attacker’s account. If they can get hold of login details, they can use these to steal sensitive company data and sell it on the dark web.

An example of this was reported on trendmicro.com:

“On March 8, scammers sent a BEC email to the Amsterdam branch managing director. The email, which impersonated Pathé’s chief executive, asked the managing director to make a confidential payment of over US$900,000. Although the managing director forwarded the email to an assistant and discussed it with the finance director, the email was not spotted as a scam and eventually led to five consecutive money transfers to scammers in less than a month. Pathé’s losses due to the scam may be the biggest reported stolen amount from a single company for this year.”

(Source: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/year-end-review-business-email-compromise-in-2018)

 

Phishing attacks will continue to become more targeted in 2019, tailored to organizations and users, and one of the crucial ways to protect against them is not to ignore the importance of the human factor.

A combination of technology and employee awareness training should be in the foreground in an effort to protect against social engineering and phishing attacks. Security can be improved by setting and enforcing clear policies to continuously train and educate employees on current and emerging social engineering threats.

Categories: Blog, News, Press
By admin, January 30, 2019