Phishing Remains a Major Security Issue
Cyber criminals have used phishing techniques for years to steal personal information from consumers, but a recent Verizon report shows just how rampant phishing continues to be. 30% of phishing messages were opened this year, up from 23% last year. 13% of users who opened the email then clicked on the malicious attachment or link.
Phishing is an attempt to acquire sensitive information such as passwords, usernames and credit card information by masquerading as a trustworthy entity in an electronic communication.
Cyber criminals typically use a three-pronged attack when phishing. They start by sending a phishing email with a link to a malicious website or an attachment. If the user clicks, the malware is downloaded onto their computer, and the hacker can look for secrets and internal information to steal (in the case of cyberespionage) or encrypt files so that the user needs to pay a ransom to access their files (ransomware). The malware can also steal credentials through key logging and then the cybercriminal can log into a user’s banking or retail websites.
Other highlights of the report include:
- 89% of all attacks are motivated by money or espionage.
- Even though vulnerabilities have been identified in many systems, they’ve never been patched, so cybercriminals are able to attack again and again. In fact, 85% of successful exploits targeted the top 10 known vulnerabilities.
- 63% of data breaches involve weak, default or stolen passwords.
- Ransomware attacks have increased by 16% since 2015.
- Many organizations are still lacking basic defenses.
- While the Internet of Things and mobile device compromises are not a significant factor, Verizon researchers believe “it’s only a matter of time before a large scale breach impacts mobile and IoT devices.”
It appears that cybercriminals are also getting fast. In 93% of the cases studied, it took the attackers minutes or less to compromise a system. Data was stolen within minutes in 28% of the cases.
“The Data Breach Investigations Report’s increasing importance to businesses, law enforcement and governmental agencies demonstrates a strong desire to stay ahead of cybercrime,” said Chris Formant, president of Verizon Enterprise Solutions. “Now more than ever, the collaboration and contributions evidenced in the DBIR from organizations across the globe are required to fully understand the threat landscape. And understanding is the first step toward addressing that threat.”