spear phishing ha dimostrato di essere uno dei più efficienti e quindi metodi più pericolosi per compromettere una società, un governo o un ente. In 2015, attacchi mirati innescati da lance hanno successo in vari settori di attività. An innocently looking email containing malicious code can unleash various malicious campaigns, depending on what cyber criminals are aiming to accomplish.
Impara di più riguardo Spear Phishing and Its Outcomes in 2015
Come abbiamo già scritto, a special survey was recently conducted by Cloudmark to determine the outcome of spear phishing. Come si è scoperto, il 300 companies that took part in it, have confirmed that spear phishing has been a major threat throughout 2015. Most spear attacks have ended with malware, with authentication credentials discovery and corporate information requests being next.
Besides the survey itself (linked above), Cloudmark has gathered some of the most damaging data breaches of 2015 that have started with spear phishing.
In no particular order
Industry Sector: Bancario
Bersaglio: 100 Banche
Learn More about the Malware Payload: Carbanak
Secondo una 2015 Kaspersky’s report, almeno 100 banks were targeted online by an unidentified cybercriminal group. The company believes that those banks registered financial losses of $2.5 a $10 per bank. In those attacks, spear phishing was used and the infamous Carbanak was spread in the emails.
Industry Sector: eCommerce
145 million user records were stolen, after several employee credentials were compromised. The public criticized eBay for storing sensitive information in an improper manner – in one location, unencrypted. Even though stolen information didn’t include banking details, the eBay users became subject to multiple spam and phishing campaigns. Da qui, the eBay breach has been dubbed one of the biggest security breaches in modern history.
Industry Sector: Al dettaglio
Bersaglio: HVAC, Bersaglio
In that particular attack, 40 million credit cards and 70 million other personal records were compromised. Più tardi, it became known that cybercriminals sold 1-3 million credit cards for $18-35 per piece, gaining about $54 million from the operation.
Industry Sector: Tecnologia
Bersaglio: Ubiquiti Networks
The attack cost the company $46.7 milione. It was triggered by the so-called CEO-spoofing, when a malicious actor impersonates an executive via email and authorizes a wire transfer to the attacker’s account. Per fortuna, Ubiquiti Networks recovered $8.1 million through intense legal actions in different countries. The case is known as the biggest wire fraud started via spear phishing.
Industry Sector: Entertainment
Bersaglio: Sony Pictures
The major data leak Sony Pictures suffered in 2015 was most likely provoked by the release of the controversial movie The Interview. Internal documents, dati finanziari, unreleased motion pictures, private emails were leaked in a supposed North Korean state-sponsored attack. Access was achieved via aggressive spear phishing.