The Latest in Phishing: April 2015

We bring you the latest news about phishing statistics and attacks from the wild.

Verizon’s 2015 Data Breach Investigations Report Findings

• Over 2/3 of all espionage cases involved phishing attacks
• 23% of recipients now open phishing messages and 11% click on attachments
• It takes only 82 seconds on average for hackers to get their first victim in a phishing campaign

The lead author of the report, Bob Rudis, says, “Training your employees is a critical element of combating this threat.”

Increase your security response team's efficiency with PhishAlarm Analyzer

Recent Phishing Attacks and Current Threats

• Russian hackers gained access to the White House by way of a phishing email. As we mentioned previously, White House staff declined an optional 90-minute training session on online security offered in advance of the attack.
• The “Operation Pawn Storm” campaign is using phishing attacks to target governmental and political entities. Once hackers are able to gain access to a system, the malware steals information and acts as a back door.
• 280 Kansas City municipal employees gave up their login credentials in a series of mock phishing attacks sent by city auditors over the course of six months. Even after being notified to change their credentials after the fake attack, 30% of employees neglected to do so within 48 hours of the attack.
• Spy vs. spy? Warring advanced persistent threat groups Naikon and Hellsing are spear-phishing one another, according to Kaspersky.
• IBM uncovered a fraud scheme known as “The Dyre Wold” that uses a combination of phishing and vishing attacks to target large and medium-sized U.S. companies. So far the group has stolen more than a million dollars from various companies.
• After an investigation, it was determined that a phishing email was key to the hacking of French television channel TV5Monde by “cyber jihadists.”