This blog post was published at www.keepnetlabs.com.
Data breaches continued at a rapid pace in 2019, jumping to over 3,800 breaches in the first six months. This represents an increase of 50% or more over each of the prior four years.
According to a report published by Cyber Risk Analytics (2019), “The interest in user credentials is the key”. Phishing and other social engineering techniques have produced results for cybercriminals. “Troves of username and password combinations continue to become available on forums and file sharing sites while phishing for access credentials – a perennially popular method for gaining access to systems and services – has surged in recent months, proving once again that tried and true social engineering techniques still produce results for attackers.”1
Moreover, according to this report, attackers have sought different data types, such as order history or a customer’s interests, rather than only targeting sensitive information like banking details or Social Security numbers. Such data is especially useful for creating spear-phishing campaigns. “The breach at Bodybuilding.com is a prime example of this trend. In July of last year, malicious actors gained access to the company’s systems thanks to a successful phishing email. Hackers were able to move about the system for approximately eight months, potentially accessing data ranging from customers names and addresses to profile details and order history…. Incidents like the breach at Bodybuilding.com also explain why the Miscellaneous data type is growing. Should something like order history and customer’s interests be captured in the profile of a breach event? We think so. While not as sensitive as banking details or Social Security numbers, the data can be especially useful for creating targeted phishing campaigns – so much so that organizations are beginning to warn users of the risk. Bodybuilding.com did exactly this, stating in their FAQ’s to customers”.2
Furthermore, the number of reported breaches varied by fewer than 200 incidents between 2015 and 2018; however, in the first six months of 2019, the number of breaches increased by 54% compared to the same period in 2018. “Over 1,300 data leaks, mostly exposing email addresses and passwords, were documented in the first half of 2019. Although these tend to be relatively small events, averaging fewer than 230 records exposed per incident, these leaks have contributed substantially to the number of access credentials freely available on the Internet.”3
The number of breaches added by Q2 in the past 8 years.
Unauthorized access to systems or services, skimmers, and exposure of sensitive data on the Internet (Web) have been the top three breach types since January of 2018. Tactics, techniques and procedures have changed over time, but the end results have remained consistent. “Likewise, insider actions, both malicious and accidental, have driven the number of records exposed, with Web and Fraud accounting for over 6.7 billion records exposed over the last 18 months.”4
The number of breaches added for the top five breach types.
The number of records exposed (in millions) for the top five breach types.
The impact varies with the type of data exposed. The report shows that the data types exposed most often are email (70.5 per cent) and password (64.2 per cent).5
The percentage of breaches that exposed a particular data type.
According to the report, the majority of incidents result from attacks by outsiders; however, “more and more sensitive data is exposed when insiders fail to properly handle or secure the information. Case in point misconfigured databases and services – 149 of the 3,813 incidents reported this year – exposed over 3.2 billion records”.6
Distribution of the attack vector, broken down by the type/motivation of attack.
No business is “safe” from a cyber attack or a breach; however, some industries are more proactive than others when it comes to data breaches. As can be seen from the figure below, organisations in the Retail and Technology sectors are more prone to data loss than others. Also, government organisations have been “safer” than privately held organisations.7
The number of breaches affecting each business type and sub-type.
1. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/
2. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/
3. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/
4. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/
5. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/
6. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/
7. https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report/