IT Security Guru

F5 Labs analysis reveals growing global phishing menace and application security vulnerabilities

by The Gurus
September 6, 2018
in Editor's News

Findings from F5 Labs’ Lessons Learned from a Decade of Data Breaches report have shed light on the global proliferation of phishing, providing clear insights on why the technique is fast becoming cybercriminals’ easiest and most productive attack vector.

The threat intelligence reveals that phishing is responsible for almost half of breached records by root cause (48%). This is followed by credential stuffing (18%), the automated result of phishing and other attacks collecting identity data, and web app vulnerabilities (18%).

F5’s data is supported by figures from the Anti-Phishing Working Group (APWG), which indicate phishing has risen a staggering 5,753% over the past 12 years.

“Across the world, it is increasingly evident that sophisticated hackers are successfully employing social engineering and phishing techniques on a massive scale,” said Keiron Shepherd, Senior Systems Engineer at F5 Networks.

“Everywhere you look, cybercriminals continue to effortlessly access extensive data on both companies and their employees, which creates significant vulnerabilities. In most cases, applications are the primary entry point. Once an application vulnerability is exploited, attackers find their way through the network and steal the data. It is critical for organisations to take the right steps to mitigate the risks, including equipping staff with appropriate training and awareness for online sharing behaviours, as well as running penetration tests to gauge system susceptibility.”

Based on the research, F5 has identified six key behaviours to help organisations combat phishing’s growing scourge:

  1. Beware what you share: Social media platforms encourage users to share in-depth personal data, which can contain sensitive insights about their work. This is gold dust for hackers on phishing expeditions. Organisations must run robust, continually evolving awareness-raising programmes to ensure all employees embrace a culture of responsible social sharing.
  2. Regularly evaluate web business content: Attackers target specific organisations through employee details available on company and partner websites. Information such as ownership records, SEC filings for public companies, lawsuits, and social media data all provide maliciously leverageable information. Businesses should periodically review all information shared on their company websites and social media pages to determine if the content is essential.
  3. Secure the network: Vulnerable network systems and inadequately protected applications can leak internal information such as server names, private network addresses, email addresses, and even usernames. Security teams must regularly check their network systems are robustly configured to mitigate the risk of sensitive data leaks.
  4. Remember that apps contain clues: Many applications are not built with a “security by design” mindset and are usually assembled from libraries and existing frameworks. Some components can contain clues about the development team and organisational processes. Securing these is an unavoidable priority.
  5. Check email headers: Email headers are an excellent source of internal configuration information, and attackers will often fire off email inquiries to individuals to gather IP addresses, determine mail server software, and discover how emails flow out of the organisation. Businesses must frequently warn employees to check email headers before opening emails from unknown sources.
  6. Don’t be complacent: Security awareness and associated training programmes help employees understand how easily their online information can be hacked and the implications of a scam. Regular updates, mandatory compliance sessions, and best practice on-line courses can help build a better security culture.
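
To make points 3 and 5 concrete, the following added example (not part of the F5 report or the original article) audits the headers of one of your own outbound messages for the kinds of leakage described: private network addresses, internal host names and mail client software. The sample message, the internal-suffix list and the set of software headers checked are assumptions chosen for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: an outbound message as an external recipient would see it.
SAMPLE = """\
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
\tby mail.recipient.test with ESMTPS; Thu, 6 Sep 2018 09:00:03 +0000
Received: from EXCH01.corp.example.local (10.20.30.41)
\tby mx1.example.com (Postfix) with ESMTP id 4A1B2C; Thu, 6 Sep 2018 09:00:02 +0000
Received: from [192.168.14.7] (helo=WS-FINANCE-07)
\tby EXCH01.corp.example.local with Microsoft SMTP Server; Thu, 6 Sep 2018 09:00:01 +0000
X-Mailer: Microsoft Outlook 16.0
X-Originating-IP: [192.168.14.7]
From: alice@example.com
To: bob@recipient.test
Subject: Quarterly figures

Body text.
"""

# RFC 1918 ranges are listed explicitly: ipaddress.is_private also flags
# documentation ranges such as 203.0.113.0/24, which would be a false positive here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed list of internal-only DNS suffixes; adjust to your own naming scheme.
HOST_RE = re.compile(r"\b[\w.-]+\.(?:local|internal|corp|lan)\b", re.IGNORECASE)
SOFTWARE_HEADERS = ("X-Mailer", "User-Agent", "X-MimeOLE")

def audit_headers(raw):
    """Return internal details that a raw message's headers disclose."""
    msg = message_from_string(raw)
    private_ips, internal_hosts = set(), set()
    for name in ("Received", "X-Originating-IP"):
        for value in msg.get_all(name, []):
            for candidate in IP_RE.findall(value):
                try:
                    addr = ipaddress.ip_address(candidate)
                except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an IP
                    continue
                if any(addr in net for net in RFC1918):
                    private_ips.add(candidate)
            internal_hosts.update(h.lower() for h in HOST_RE.findall(value))
    software = {h: msg[h] for h in SOFTWARE_HEADERS if msg[h]}
    return {"private_ips": sorted(private_ips),
            "internal_hosts": sorted(internal_hosts),
            "software": software}

if __name__ == "__main__":
    print(audit_headers(SAMPLE))
```

Any non-empty field in the result is a candidate for header rewriting or stripping at the outbound mail gateway.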