Slashdot Mirror


Phishers Hone Skills, Craft More Impressive Attacks

CWmike writes "Recent break-ins at high-profile targets like the International Monetary Fund demonstrate just how proficient hackers have become at so-called spear phishing, researchers said on Tuesday. 'Today's spear phishing is not only more prevalent but also much more technically proficient,' said Dave Jevans, chairman of the Anti-Phishing Working Group. 'They're not going for a password anymore; they're getting people to install crimeware on their computers.' The trend highlights the need for defenses against such targeted threats, requiring companies to look beyond security strategies focused purely on dealing with traditional network threats, analysts said. Increasingly, companies also need to focus on approaches such as continuous monitoring of networks, databases, applications and users, outbound traffic filtering and whitelisting."

5 of 63 comments

  1. The Art of Deception by DigiShaman · · Score: 3, Informative

    The Art of Deception. By Kevin D. Mitnick. It's worth reading.

    --
    Life is not for the lazy.
    1. Re:The Art of Deception by DeusExMach · · Score: 3, Funny

      It takes a thief...

  2. Maybe it's time... by __Paul__ · · Score: 5, Insightful

    ...to stop employing people who are so clueless when it comes to IT. Personal computers have been commonplace for more than twenty years now; it's time people started learning how to use them correctly.

    I'm still coming across businessmen of a certain vintage (typically 50+) for whom it's a matter of pride that they "don't know anything about computers". FFS, it's 2011. Get a grip or retire.

    --
    worldmobilenet.com -- World Prepaid Wireless Internet plans
  3. Special sandbox for 'em by Mathinker · · Score: 5, Interesting

    No, I think the best is to provide super-special sandboxing for them. One could even periodically send "test probes" to random people on one's network to better judge their level of acumen vs. current phishing techniques. Those who fail (or originally admit to being clueless) get:

    • all email which isn't a direct reply to something they originated "held up for review" by some luckless soul in IT
    • extra lockdown of their computer, perhaps including physically disabling USB ports and DVD drives
    • extra automatic monitoring of their computer for unusual behavior
    • segregating them into a special segment of the LAN which is only connected to the rest of the company via a special filtering/monitoring gateway
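
One way to implement the first rule in the list above (hold any mail that is not a direct reply to something the user originated), as an added example that is not part of the original comment. The `SENT_IDS` store, the function names and the three sample messages are constructed assumptions.

```python
from email import message_from_string

# Assumption: the outbound gateway records the Message-ID of every mail
# this user sends. Constructed sample store with one sent message.
SENT_IDS = {"<order-7781@corp.example>"}

def referenced_ids(msg):
    """Collect the Message-IDs named in In-Reply-To and References."""
    ids = set()
    for header in ("In-Reply-To", "References"):
        for value in msg.get_all(header, []):
            # References may list several IDs and may be folded over lines.
            ids.update(t for t in value.split()
                       if t.startswith("<") and t.endswith(">"))
    return ids

def triage(raw, sent_ids):
    """Return 'deliver' for a reply to mail the user sent, else 'hold'."""
    msg = message_from_string(raw)
    # The Subject is ignored on purpose: a leading "Re:" is sender-chosen
    # text and says nothing about whether the user started the thread.
    return "deliver" if referenced_ids(msg) & sent_ids else "hold"

# Constructed sample messages.
GENUINE_REPLY = (
    "From: supplier@vendor.example\n"
    "Subject: Re: Purchase order 7781\n"
    "In-Reply-To: <order-7781@corp.example>\n"
    "\n"
    "Confirmed, shipping Friday.\n"
)
FAKE_RE_SUBJECT = (
    "From: billing@unknown.example\n"
    "Subject: Re: Your invoice\n"
    "\n"
    "Please install the attached viewer to open the invoice.\n"
)
UNKNOWN_THREAD = (
    "From: hr@unknown.example\n"
    "Subject: Re: Benefits update\n"
    "References: <a1@unknown.example>\n"
    " <a2@unknown.example>\n"
    "\n"
    "See attachment.\n"
)

if __name__ == "__main__":
    for name in ("GENUINE_REPLY", "FAKE_RE_SUBJECT", "UNKNOWN_THREAD"):
        print(name, "->", triage(globals()[name], SENT_IDS))
```

The threading headers are still written by the sender, so anyone who has seen one of the user's Message-IDs can echo it back. The check shrinks the review queue; it does not authenticate the sender.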
  4. Not phishing by lavagolemking · · Score: 3, Informative

    Phishing means tricking users into divulging sensitive data, usually a password. It is just one type of social engineering. What is being described here is another form of social engineering, where users are told instead to install malware or something like that. It is not phishing, or even spear phishing. When you get a lot of information together to plan out an effective attack on the human psyche, it's called pretexting.