Law Enforcement, Government Agencies See Phishing as Main Cyber Risk
In a meeting held in New York, representatives of law enforcement and governments from the US and the UK met to agree on a joint plan to tackle cyber threats, and their top priority for the foreseeable future will be phishing attacks.

The Global Cyber Alliance (GCA) was founded at the start of January this year, and on March 19 held its first Strategic Advisory Committee (SAC) meeting.

Here, founding members that included representatives from the City of London Police, The New York County District Attorney's Office and the Center for Internet Security agreed on a list of today's top cyber risks, in order to develop joint strategies to counter their effects.

"Phishing ranked top cyber threat, DDoS attacks ranked fourth"

Based on their expertise, these three organizations ranked phishing attacks as today's greatest cyber threat, followed in order by risks arising from weak identity and authentication mechanisms, risks arising from vulnerable and compromised websites, and Distributed Denial of Service (DDoS) attacks.

Personally, we see vulnerable and compromised websites as a more dangerous threat, but we must also agree to disagree.

Just recently we've seen many compromised websites (frontends, backends, exposed network equipment) allowing attackers to gain a foothold on infected systems, from where attacks can then escalate. Phineas Fisher, the famous hacker who breached Hacking Team's servers last year, didn't use phishing for his attacks.

Nevertheless, our view on this topic may be skewed by our technical prowess in terms of cyber-security practices. Phishing, you see, while ineffective against a security expert, is quite effective against most regular people.

While companies may benefit from a security team to address their website security, you at home may not benefit from anti-phishing training, and here is where authorities need to step in and help.

"GCA: DMARC usage needs to increase"

In order to stop, or at least cut down, the number of phishing attacks, the GCA plans to promote the usage of the DMARC protocol, which makes it harder to spoof original domains. Further plans include the GCA promoting the usage of secure DNS practices, which will also impede basic spear-phishing attacks.

Law enforcement and government agencies are right to be worried about spear-phishing, as Rohyt Belani, co-founder and CEO of PhishMe, told Softpedia.

"Recent research shows that employee-targeted spear-phishing campaigns spiked a staggering 55 percent just last year in addition to the FBI’s recent warnings that phishing-related wire fraud scams have cheated businesses out of $2.3 billion since 2013.

"Those of us in the security industry realize these upward trends signify that attackers will continue targeting employees as a primary exploitation point as long as they’re experiencing continued success.

"Seeing law enforcement agencies and municipal governments working closely together to address and combat serious threats is encouraging. The recent announcement from the Alliance brings additional visibility to the dangers of phishing and reinforces that this attack vector is a top cybercrime concern."

"Outside technical measures, employees need better anti-phishing training as well"

Mr. Belani also warns companies not to rely solely on the technical side, and to spend time training their employees against common phishing practices.

"Although various technology layers are essential for a strong defense-in-depth strategy, security professionals must remember that empowering employees as a last line of defense is key in defeating spear-phishing threats," Mr. Belani also told Softpedia.

"As research proves, employees remain a primary target for infiltrating organizations since malicious emails are consistently passing through weak perimeter defenses and landing in staff inboxes. By effectively conditioning behavior and operationalizing human intelligence, organizations will be better equipped to identify, prioritize and respond to phishing and other key threats before attack payloads are delivered.

"Failure to embrace employees and human-generated intelligence as viable defensive layers in an organization’s security posture is akin to not having a line of defenders standing between the soccer goal and the opposition when the latter is taking a free kick."