You’ve Got Mail
From high-profile nation-state actors to average internet criminals, Phishing has become an important tool in the toolsets of malicious actors. Here is an interesting statistic. According to cybersecurity firm Cofense(formerly FishMe) report from 2016, 91% off all cybersecurity breaches and attacks start with a Phish. All of this is only further exacerbated by the Covid-19 crisis that massively increased everyone's exposure to the threat of Phishing.
A brief look at the History of fishing starts with America Online(AOL) the biggest internet provider in the USA at that time in the late 90s. Where AOL's instant messenger and email systems were used to distribute fake phishing emails that prompted users to "confirm" their billing information. Further developments didn't come until the early 2000s where the introduction of internet marketplaces like eBay and online payment platforms such as PayPal and now-defunct E-Gold made phishing scams more lucrative. Perhaps the most worrying development in phishing tactics was the beginning of its use as a platform for ransomware pioneered by Cryptlocker in 2013. This new trend has been on a steady rise with infamous examples including, names such as Locky or Wanacry later Petya and many others.
But phishing isn't just a tool of petty internet scammers. It has been used by both nation-state actors and large cybercriminal operations to target governments and multinational corporations. And it's not always money that is the goal of a phishing campaign. Some of the most famous cases include The Sony Pictures hack in 2014 that targeted the upper echelon of company management and exposed confidential information that led to a reported loss of around 100 million dollars. Another import one was an attack on Ukrainian Power grid, as one of the employees clicked a malicious phishing link that let to eventual temporary shut down of the power grid this one of the rare instances of an attack causing a major power outage.
With the current crisis forcing everyone online, awareness and protection against internet threats, especially phishing has become a necessity for increasing number of people. But how do you actually go about it?
Fundamentally there are two ways, first is to educate yourself on the basics of phishing methods, probably the best guide can be found on the site phishing.org. Of course, the theory is one thing but practical experience is also very beneficial, for this, you can find many phishing tests online. Second is use can also use dedicated software for protection more information in this article.
Stay safe and stay vigilant.
Sources:
https://cofense.com/wp-content/uploads/2016/07/PM-Overview.pdf
Komentáre
Zverejnenie komentára