91% of CyberAttacks Begin with Spear Phishing
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
Threat Number One: Spear Phishing
A whopping 91% of cyberattacks and the resulting data breach begin with a “spear phishing” email, according to recent research from security software firm Trend Micro. This conclusively shows that end-users really are the weak link in IT security.
You may have asked yourself what it takes to send a spear phishing attack. This is not trivial, and can only be done by someone trained in advanced hacking techniques. We will first take a look at the steps required to send a spear phishing attack, and then we’ll look at steps to mitigate this threat. For the (simplified) attack steps I am freely borrowing from a great blog post by Brandon McCann, a pentester at Accuvant Labs which is a business partner of ours.
I will try to keep this as non-technical as possible, but there will be a few terms you may have to look up. Here are the steps to begin with, don’t fall asleep! We will go into all of these one by one and explain what they mean.
•Identify Email Addresses
•Antivirus Evasion
•Egress Filtering
•Spear Phishing Scenario
•Sending The Spear Phishing Emails
•Harvesting Treasure
This excerpt appears with permission from knowbe4.com.
