The Verizon Data Breach Report for 2016 is out. So what was the number one hacking method of 2016? And how can you protect yourself from it?
Evolution of Phishing
Hacking attacks based on phishing have evolved over the years. Phishing originally focused on sending people to fake websites to get them to enter their financial information and password credentials. However, by 2013, hackers added a new second phase of attack:
“The first ‘phishing’ campaigns typically involved an e-mail that appeared to be coming from a bank convincing users they needed to change their passwords or provide some piece of information, like, NOW. A fake web page and users’ willingness to fix the nonexistent problem led to account takeovers and fraudulent transactions.
Phishing campaigns have evolved in recent years to incorporate installation of malware as the second stage of the attack. Lessons not learned from the silly pranks of yesteryear and the all-but-mandatory requirement to have e-mail services open for all users has made phishing a favorite tactic of state-sponsored threat actors and criminal organizations, all with the intent to gain an initial foothold into a network.
In the 2013 DBiR, phishing was associated with over 95% of incidents attributed to statesponsored actors, and for two years running, more than two-thirds of incidents that comprise the Cyber-Espionage pattern have featured phishing. The user interaction is not about eliciting information, but for attackers to establish persistence on user devices, set up camp, and continue their stealthy march inside the network.” — 2015 Verizon Data Breach Investigations Report
By 2013, the vast majority of phishing involved a second-stage attack of setting up a persistent backdoor trojan in the victim’s computer.
Now, in 2016, the installation of a persistent backdoor is no longer a secondary consideration. Rather, in 2016, the installation of a persistent backdoor is the primary objective of phishing campaigns:
“The majority of phishing cases feature phishing as a means to install persistent malware….
There are still cases where the phishing email leads users to phony sites, which are used to capture user input, but the majority of phishing cases in our data feature phishing as a means to install persistent malware.” — 2016 Verizon Data Breach Investigations Report
In other words, the number one attacking method of 2016 was to use phishing to install secret connections to hackers’ command and control centers.
So how can you protect yourself from the single-most prevalent form of hacking? Terra Privacy’s Hacker Deterrent is specially designed to expose and block persistent backdoors. In other words, Terra Privacy’s Hacker Deterrent is specially designed to protect you against the single-most prevalent form of hacking.