As the business world continues to grapple with an expanding definition of new normal, the phishing attack remains a common tactic for attackers. Why are phishing attacks still happening? How can we prevent them? We spoke to a threat analyst who has the answers.
In May 2020, X-Force research uncovered a precision-targeting (or spear phishing) attack on a German multinational corporation connected with a German government-private sector task force in the race to procure personal protective equipment (PPE).
Those threat actors targeted more than one hundred high-ranking executives in management and procurement roles. They reached out within their target group as well as to its third-party partners. Overall, X-Force observed about 40 targets. It’s likely that other members of the task force could be targets of interest in this malicious campaign as well. This shows the way we need to be more vigilant about what angles attackers could use.
Phishing: Still Common After All These Years
The sophistication required for the PPE attack is certainly important. However, most spear phishing attacks can be carried out with only a few clicks. For cyber criminals, launching a phishing attack is easier than ever. Therefore, it is critical for the enterprise to gain the awareness needed to avoid becoming targets.
Prefabricated phishing kits on the dark web streamline the workflow for threat actors. For example, look at the recently discovered package called LogoKit. It automatically pulls the victim company’s logo from Google’s photo search to display on the fake phishing login page.
“Unfortunately, the entry barriers are lower than ever with easy-to-use kits being sold on cybercrime forums for as little as a couple of ..
Support the originator by clicking the read the rest link below.
