Cyber Defense eMagazine December Edition for 2021

More documents

Recommendations

Info

Can Your Cybersecurity Culture Stand Up to the Latest Spear Phishing Techniques? By Josh Yavor, Chief Information Security Officer, Tessian Gone are the days of bulk spear phishing attacks, where hackers send scam emails and malicious attachments to as many people as possible and hope for a bite. Spear phishing techniques are growing more targeted and sophisticated, according to new data from Tessian that sheds light on the latest attack methods. Tessian’s report analyzed two million malicious emails that bypassed traditional email defenses like secure emails gateways within the past year. It found that hackers are targeting employees with more tailored emails that reap big rewards, like wire transfer fraud. Account takeover attacks are also a major threat that costs businesses $12,000 on average. With emails bypassing defenses, humans are left as organizations’ last line of defense against these email scams. But it’s unreasonable to expect each employee to be a cybersecurity expert and identify these attacks every time. Instead, organizations must build a strong cybersecurity culture that encourages people to flag suspicious activity and empowers them with the tools they need to stay secure Cyber Defense eMagazine – December 2021 Edition 60 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
on channels like email. This starts with understanding the latest threats and building a cybersecurity culture around them. The State of Spear Phishing Who is being targeted and when? Tessian’s report found that the average employee receives 14 malicious emails per year, but that number jumps significantly for highly targeted industries. For example, retail employees received 49 malicious emails per year, while manufacturing employees received 31. Those sectors are also experiencing staffing shortages from The Great Resignation, leaving employees stressed, distracted and potentially more vulnerable to falling for a scam. These risks must be prioritized as companies navigate hiring and turnover challenges. Bad actors try to trick employees by sending malicious emails in the late afternoon, hoping to slip past a tired or distracted employee. The most common times for spear phishing emails to be sent was 2 p.m. and 6 p.m. Bad actors also take advantage of the holidays by offering “too good to be true” deals. The biggest spike in malicious emails came immediately before and after Black Friday. What’s the latest attack playbook? Impersonation techniques continue to be a go-to strategy in the spear phishing playbook. Tessian found that display name spoofing was the most common tactic, found in 19% of malicious emails. These attacks use deceptive display names on an email to mislead employees. For example, a display name might show the first and last name of the company's Chief Financial Officer requesting a wire transfer. While the email address itself may still look suspicious, a recipient often only looks at the name of the sender and could mistake it for a legitimate request. Domain impersonation, on the other hand, happens when bad actors secure a domain that looks like it belongs to a legitimate business. This technique was used in 11% of malicious emails. The brands most likely to be impersonated were Microsoft, ADP, Amazon, Adobe Sign and Zoom. What are bad actors after? Tessian’s analysis found that tricking users into downloading malware remains a common motive of phishing emails. Malicious links still prove to be a popular and effective technique, with almost half (44%) of malicious emails containing a URL. Our researchers found more emails related to wire transfers than credential theft, suggesting cybercriminals are still largely focused on financial gain. For example, they’re more likely to try to steal money by impersonating a vendor and requesting a payment than by posing as an IT person requesting an employee’s password. Cyber Defense eMagazine – December 2021 Edition 61 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
9 Ways Social Media Sabotages Your
Page 3 and 4:
How Do You Secure the Modern Supply
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - December
Page 9 and 10: Cyber Defense eMagazine - December
Page 39 and 40: With over 4 billion users, social m
Page 41 and 42: Unsecure Mobile Networks When using
Page 43 and 44: However, as concerning as these pra
Page 45 and 46: Danny Lopez, CEO, Glasswall “Duri
Page 47 and 48: estoring data. Modern organizations
Page 49 and 50: When Diplomacy, Finance and Tech Co
Page 51 and 52: Another way leaders can take initia
Page 53 and 54: How Covid-19 Changed Advertising Fo
Page 55 and 56: However, this shift might not be su
Page 57 and 58: Why MFA Alone Isn’t Enough for Tr
Page 59: just highlights how vulnerable most
Page 63 and 64: 3 Best Practices to Avoid Inevitabl
Page 65 and 66: For example, an employee may become
Page 67 and 68: and outcomes is essential for proje
Page 69 and 70: Electric Vehicle Charging: The Next
Page 71 and 72: Going forward, EV dealers, charging
Page 73 and 74: How does this relate to MFA? Well,
Page 75 and 76: constant exposure of countries to a
Page 77 and 78: Why do you need a malware sandbox?
Page 79 and 80: Multi-Cloud Security and Compliance
Page 81 and 82: If security controls are not consol
Page 83 and 84: How Do You Secure the Modern Supply
Page 85 and 86: The case for isolation Supply chain
Page 87 and 88: Don’t Take Yourself Out of The Ga
Page 89 and 90: The U.S. Government Accountability
Page 91 and 92: assessment criteria for the tasks f
Page 93 and 94: the file. This was a great techniqu
Page 95 and 96: the wake of the pandemic where the
Page 97 and 98: Certain communications are protecte
Page 99 and 100: At Salt Communications we work with
Page 101 and 102: And it’s only getting worse. If y
Page 103 and 104: The benefits are great When HDOs ha
Page 105 and 106: 4 Pillars of Privacy-Preserving AI
Page 107 and 108: concern and a desire to be cautious
Page 109 and 110: and stay safe online. That’s why
Page 111 and 112:
2. Enabling over-the-horizon threat
Page 113 and 114:
Techniques Used by Hackers to Bypas
Page 115 and 116:
Phishing scams avoid email security
Page 117 and 118:
ATO Detection Account takeover bene
Page 119 and 120:
How To Protect Your Digital Legacy
Page 121 and 122:
I worked with cybersecurity experts
Page 123 and 124:
Sextortion Email Scams What to Do a
Page 125 and 126:
Sextortion attacks are a type of cy
Page 127 and 128:
How to respond to a sextortion emai
Page 129 and 130:
Example 2:'You've been hacked' emai
Page 131 and 132:
How can this strategy be implemente
Page 133 and 134:
Surviving The New Era of Terabit-Cl
Page 135 and 136:
accompanying shift toward more digi
Page 137 and 138:
Survey results show businesses are
Page 139 and 140:
Enterprises Cannot Achieve Zero Tru
Page 141 and 142:
Capital One breach back in 2019. Ad
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
CyberDefense.TV now has 200 hotseat
Page 163 and 164:
Books by our Publisher: https://www
Page 165 and 166:
Page 167 and 168:
show all

Cyber Defense eMagazine December Edition for 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?