The fact that phishing continues to be an effective tactic for infiltrating enterprise networks, was revealed in McAfee Labs Threats Report: August 2014.
Part of the report, the McAfee Phishing Quiz, aimed at testing business users' ability to detect online scams, revealed that at least one out of seven phishing e-mails went undetected by 80% of those surveyed.
In addition, finance and HR performed worst when it came to detecting scams, even though those departments hold some of the most sensitive business information.
In the quarter since the company's last Threats Report, McAfee has collected over 250 000 new phishing URLs, adding up to a total of nearly a million new sites over the past year.
Moreover, the company says not only did the volume increase, but the sophistication of attacks escalated too. "Both mass campaign phishing and spear phishing are still hugely popular means of attack among cyber criminals across the globe."
Another interesting finding uncovered new cyber crime opportunities the day after the Heartbleed vulnerability was publicly disclosed. Stolen information from Web sites that are still unlatched is being traded on the black market. Additionally, lists of vulnerable Web sites have become hit lists for cyber criminals, and tools that can mine data off these sites are readily available on the Web.
"One of the great challenges we face today is upgrading the Internet's core technologies to better suit the volume and sensitivity of traffic it now bears," adds Vincent Weafer, SVP at McAfee Labs.
"Every aspect of the trust chain has been broken in the last few years, from passwords to OpenSSL public key encryption and most recently USB security. The infrastructure that we so heavily rely on depends on technology that hasn't kept pace with change and no longer meets today's demands."
Share