Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

Share this article:
$30 RAT, WinSpy, involved in two phishing campaigns
On Wednesday, HP TippingPoint released its State of Network Security survey which polled hundreds of professionals.

A national survey of IT professionals tracked the frequency with which even tech savvy staff at companies were targeted by phishing emails.

According to HP TippingPoint, which sponsored the State of Network Security survey (PDF) released Wednesday, nearly 70 percent of IT professionals experienced phishing attacks – malicious emails disguised as legitimate correspondence via social engineering – at least one a week.

The study was conducted by global research practice Ipsos Observer last month, and encompasses the answers of 205 IT professionals across the United States.

Also underscored in the report were trends concerning data targeted in enterprise network attacks.

Sixty-seven percent of respondents said that, in the event of a network breach, customer data was the most likely to be sought by attackers. Also on hackers' radars was company financial information, which 63 percent of respondents said was likely to be attacked.

Jennifer Ellard, director of enterprise security products at HP TippingPoint, told SCMagazine.com that a layered security approach, which included security awareness training, was needed to thwart malware infections (and data theft) as a result of phishing.

Sandboxing technologies, for instance, can be used in conjunction with security awareness training, she explained, as enterprises “need an environment where malware can detonate and you can analyze it” before it impacts staff.

“Sandboxing works from a near-real time [detection] and forensics perspective,” she continued.  

Last week, news surfaced that customers of JPMorgan Chase were the target of a massive phishing campaign, which leveraged phishing pages to collect credentials and also host the RIG exploit kit. RIG was capable of exploiting users' software vulnerabilities to spread Dyre malware, and at the time, roughly 500,000 phishing emails had been sent out to unsuspecting users, security firm Proofpoint revealed.

Saboteurs targeting enterprises, however, often go for a more targeted approach, known as spear phishing, combing through victims' publicly available information on social media networks, for instance, to personalize malicious emails or even strike at the most opportune time.

“Those targeted attacks are about 90 percent effective,” Ellard warned.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.