13 June, 2018
Cyber criminals still enjoy success deploying simple phishing techniques. Here’s what companies can do to improve their defenses
Defenders had their hands full fending off zero-day attacks in 2017, with the EternalBlue and EternalRomance exploits—part of the cyber toolset reportedly stolen from the U.S. government—fueling the spread of two massive ransomware campaigns, WannaCry and NotPetya.
Yet, the most serious threat to companies—targeted attacks—used a much simpler, and yet effective, technique: Spear phishing. And it remains a popular mode of attack. The latest edition of Symantec's Internet Security Threat Report, which found that 71% of the targeted attacks detected by the company last year used spear phishing to nab the targeted user's credentials.
"When we are talking about a targeted attack, and you want to go after a specific person, phishing really works well," said Kevin Haley, director of product management for Symantec's Security Technology and Response group. "So why go through the trouble of trying to use a zero day? Why try to set up a website? Why try to do something elaborate and expensive and difficult, when you can send an e-mail and it is going to work?"