The most dangerous attack vector in cyber security today is a phishing attack. Phishing has been named as the key element in almost every social engineering attack, it has been tied to both the Sony and Target breaches, and it has played a major role in other major and minor attacks on various brands and organizations.
Researchers at the University of Buffalo conducted a study using "information-rich" phishing emails. These are emails equipped with logos and graphics recognizable to the recipients as well as carefully crafted text to sound both personal and fear-invoking, with a deadline included to drive an action. The following quote describes the emails:
The phishing email was made to look like it came from the University's IT department, and said that there was an error in their student email account settings. They were asked to follow an enclosed link to access their account settings in order to solve the problem, and were instructed to do it fast, as access to their account would be permanently blocked shortly.
The study found that 68% of the 125 students tested fell for the ruse. Considering these tactics have led to some of the most audacious security breaches of our time, this isn't surprising.
The critical aspect in all social engineering scams is that the intended victim believes the scammer to be legitimate. It's very common to see recognizable logos or trademarks, as well as well crafted text, in phishing emails. Even if you're relatively well informed, it's not always easy to tell the difference.
The result has been high-profile breaches--like in the cases of Target and Sony--that all started with a phishing email. Verizon's 2014 breach report states that phishing accounts for 67% of breaches.
Awareness and proper training are important aspects of combating this issue. There are also technologies that help to screen files contained within emails.
Another addition to the fight on phishing attacks is the ability to track the actual URLs that are typically used. In most cases, phishing emails contain URLs that either host exploits or spurious web forms designed to entice users to volunteer credentials.
The key to this strategy is to begin to map out the infrastructure associated with phishing campaigns and to set up blocks that can prevent further infection.
The fact is that phishing is still a preferred way to steal credentials. A phishing scam will look like it was sent by someone inside your organization and it will request a reasonable action. This also leaves a signature that can be successfully detected, which is the basis for RiskIQ's anti-phishing technology. RiskIQ offers a dashboard to monitor global phishing activity and detection of phishing sites targeting your brand and your customers. This provides another way to lower the amount of possible attack vectors and increase your resilience to devastating attacks.