Microsoft’s new Security Intelligence Report (SIR Volume 24) finds that phishing attacks increased 250% between January and December 2018, with attackers moving to multiple points of attacks during the same campaign, switching between URLs, domains, and servers when sending e-mails and hosting phishing forms. Hosted servers and public cloud tools were also adopted to make it easier to camouflage as legitimate services or products.
Colin Bastable, CEO at cybersecurity test and training company Lucy Security:
“Hacking is a multi-billion dollar industry. If it was being run by one company, rather than a mix of organized crime syndicates, lone wolves and governments, it would be comparable to a major NASDAQ tech business. These are smart, motivated people with not much to lose and a lot on the upside. They’re ahead of most security vendors in the Cyber Security war, because the vendors play defense. The fact is, most CISOs and the majority of vendor CTOs can’t grasp the range of methods and techniques at the disposal of hackers, because they live by the rules. Hackers make up new rules. The one constant is people – they are the most measurable and most manageable point of attack for hackers, regardless of how they launch the attack. Training employees to be part of the cybersecurity defense team should be top of every CEO’s agenda. Every day.”