"Most of today's data breaches start with a phishing email, giving company-confidential data to malicious outsiders. This is a real problem that companies need to address.

Phishing attacks are the most frequently used form of social engineering. They work because they take advantage of cognitive biases, or how people make decisions. These techniques prey on human emotion by appealing to greed, curiosity, anxiety or trust.

Phishing means that attackers are fishing for your private information. Attackers attempt to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Many times this is done to steal a victim's login credentials and other confidential information. Phishing continues to grow and become more widespread, with attacks up 37% year over year, and 1 in every 300 emails on the web containing elements pointing to phishing.

Phishing attacks can result in compromised client systems. Here are some different consequences of phishing that can impact your network:

Browser exploitation – Browsers and their plug-ins contain vulnerabilities that can be exploited simply by visiting a malicious website. An attacker can send an email with a link, which brings the user to a malicious website (which is often designed to look like a legitimate site). Just by visiting that site the user's browser and machine would be compromised and the attacker would have full access to the user's computer. In addition, a completely legitimate website can be attacked to become malicious. So a user could be browsing a legitimate website that's been attacked on the back end and injected with malicious code, which then exploits their browser.

File format exploitation – Opening a malicious email attachment is another way to trick users. Attachments are typically PDFs or Office files because those applications are widely distributed and widely used across platforms, and the chance that the recipient can read that kind of file is higher. Once the malicious attachment is opened it exploits vulnerabilities in a given application.

Executable exploitation – This exploit uses another form of email attachment, an executable file (ending in .exe) that runs when the user clicks on it. It is programmed to operate without needing a vulnerability in the program. Although .exe files are quite often blocked by email security features, there are other types of executables. For example, JAR (Java Archive) files end in .jar, rather than .exe, but they can still execute a malicious file when you double click on them."
By Rapid7
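The quoted text notes that mail filters often block .exe attachments while other executable formats such as JAR slip through. The following is an added example, not code from Rapid7 or the original post, showing a defender-side attachment check that flags executable extensions and also recognises JAR content by its ZIP structure even when the file has been renamed. The extension list and the sample message are constructed for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed site policy: extensions the article names plus other common executable types.
EXECUTABLE_EXTENSIONS = {".exe", ".jar", ".scr", ".com", ".bat", ".js", ".vbs", ".msi"}


def looks_like_jar(data: bytes) -> bool:
    """A JAR is a ZIP archive carrying a manifest; inspect content, not the filename."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "META-INF/MANIFEST.MF" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def flag_executable_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for each attachment that could execute when opened."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append((name, f"executable extension {ext}"))
        elif looks_like_jar(data):  # renamed JAR: extension filter alone would miss it
            findings.append((name, "JAR content despite non-.jar name"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample mail: a PDF, a .jar, and the same JAR renamed to .zip."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.invalid", "user@example.invalid", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(jar.getvalue(), maintype="application", subtype="java-archive", filename="update.jar")
    msg.add_attachment(jar.getvalue(), maintype="application", subtype="zip", filename="photos.zip")
    return bytes(msg)


if __name__ == "__main__":
    for name, reason in flag_executable_attachments(build_sample_message()):
        print(f"{name}: {reason}")
```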