Antony Savvas at Computerworld UK had a good write-up about this quite interesting news: "Some 91% of cyberattacks begin with a "spear phishing" email, according to research from security software firm Trend Micro.Spear phishing is an increasingly common form of phishing that makes use of information about a target to make attacks more specific and “personal”. These attacks may, for instance, refer to their targets by their specific name or job position, instead of using generic titles like in broader phishing campaigns.
According to a Trend Micro report 94% of targeted emails use malicious file attachments as the payload or infection source. The remaining 6% use alternative methods such as installing malware through malicious links.
The most commonly used file types for spear phishing attacks accounted for 70% of them. The main file types were .RTF (38%), .XLS (15%) and .ZIP (13%). Executable (.EXE) files were not as popular among cybercriminals because emails with .EXE file attachments are usually detected and blocked by security systems, said Trend. They also said that 75% of email addresses for spear phishing targets are easily found through web searches or using common email address formats. Here is the full article. It seems that high quality security awareness training is now a must.
The most commonly used file types for spear phishing attacks accounted for 70% of them. The main file types were .RTF (38%), .XLS (15%) and .ZIP (13%). Executable (.EXE) files were not as popular among cybercriminals because emails with .EXE file attachments are usually detected and blocked by security systems, said Trend. They also said that 75% of email addresses for spear phishing targets are easily found through web searches or using common email address formats. Here is the full article. It seems that high quality security awareness training is now a must.
Related Pages: Spear Phishing
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
