CDSA

The Lazy Habits of Phishing Attackers (Dark Reading)

[svg-table-content]

The next time a crisis communication manager states that their organization suffered from a “highly sophisticated” attack, someone may want to cross-check that with how most attacks are actually carried out.

According to new research out this week culled from an extensive honeypot operation, most attackers using phishing to initiate attacks are the opposite of sophisticated. They’re lax with their opsec– most don’t go through much effort at all to hide their attacks. Considering that some estimates peg 91% of all cyberattacks starting with phishing emails, that tells you that the vast majority of attacks are noisy and very identifiable. Yet the bad guys still manage to do a ton of damage because the resistance they face is paper thin.

The recent report was released by researchers at Imperva, who maintained close to 90 personal accounts on various online and email services over the course of nine months. These “honey accounts” were planted with various traps within them to collect data about how long it took for attackers to exploit stolen passwords and compromise accounts, how and when attackers explored and collected data, and how attackers tried to muffle their malicious activity from detection by the account owner.