HomeBusiness Phishing remains top threat to businesses, IBM says

Phishing remains top threat to businesses, IBM says

by admin
Phishing remains top threat to businesses, IBM says

First published on

Dive Brief:

Phishing remained the top initial access vector for security incidents last year with more than 2 in 5 of all incidents involving phishing as the pathway to compromise, IBM research found.
Three in 5 of all phishing attacks were conducted through attachments last year, according to IBM Security X-Force’s annual threat intelligence report released Wednesday. Phishing via links accounted for one-third of all phishing attacks. 
One-quarter of attacks involved the exploitation of public-facing applications and 16% abused valid accounts for access. Just 1 in 10 involved external remote services. 

Dive Insight:

The consistent ranking of phishing as the most prevalent initial access vector underscores the need for organizations to focus on people, process and technology, according to Stephanie Carruthers, global head of innovation delivery and chief people hacker at IBM Security X-Force Red.

Phishing has enjoyed longstanding success as an initial access vector and attackers are constantly innovating their approach to keep phishing alive and thriving, Carruthers said.

“It only takes one person to click that link that could lead to a major compromise,” Carruthers said via email. “And it works because it’s simple and plays on human emotions. That’s a trifecta right there and that’s what’s providing staying power.”

The latest phishing tactics need to be shared with employees so they know what to look out for, such as phishing emails that are getting harder to spot.

Thread hijacking, which involves a threat actor hijacking an email account and responding to email threads pretending to be the original victim, doubled in 2022.

“What makes thread hijacking so dangerous is that attackers are hitting people when their defense is down, after that first level of trust has already been established,” Carruthers said.

The research highlights trends and points of compromise that played out in some of the most high-profile incidents of 2022.

Incidents involving identity access managers, such as Okta and Twilio, impacted many potential downstream victims and in one case they were intertwined when a phishing attack against Twilio exposed one-time passwords of multiple Okta customers.

The majority of penetration tests IBM Security X-Force Red ran for clients in 2022 revealed improper authentication or handling of credentials. Many organizations lacked visibility into applications and endpoints exposed through identity access management services, the report found.

The report is based on research data IBM Security X-Force gathered in incident response engagements throughout 2022, in addition to vulnerability and exploit databases and network and endpoint tracking.

Source : ConstructionDive

You may also like

Phishing remains top threat to businesses, IBM sayshttps://www.cap-neree-services.com  https://www.diagnosismesothelioma.info  https://myster-jeepeg.com  https://www.7a7.biz  https://www.politique-en-france.com  
Brighton stat will leave Potter red-faced as Chelsea pressure grows * Cablepelado Lot de 100 cosses Faston Femelles Rouge 4,8 mm * WolinTek Jouet à Plumes pour Chats, Jouet de Chat,Interactif Rétractable Canne a Peche Jouet avec 5 Recharges pour Chats… *  *-*sourcing map Nonslip Poignée 100mm Long T25 Torx Point Magnétique Pointe Tournevis * Pierre Gimonnet Et Fils – Champagne Pierre Gimonnet Brut Blanc De Blancs Magnum 1.5L * KERBL 299720 MuscaBlock Spray Anti-Mouches pour Cheval 500 ml *  -*-https://atelier-aquariophilie.com  https://dedalustats.eu  https://www.droles-danimaux.com/  https://www.wtbass.com  https://lyricapregabalintv.com  https://unmaillotdebain.com  https://newmen.biz  https://news2.fr  Phishing remains top threat to businesses, IBM says*Phishing remains top threat to businesses, IBM says

news7.asia Phishing remains top threat to businesses, IBM says