User Mistakes Equally Responsible For Most Cyber Attacks
Majority of cyber attacks are successful because employees click on links in tainted mails and company fail to apply available patches to known software flaws, say two new reports of cyber security.
According to a new study of data breaches, by Verizon Communications Inc, more than two-thirds of 290 electronic espionage cases involved phishing - security industry's term for trick emails.
"There's an overarching pattern," said Verizon scientist Bob Rudis. Attackers use phishing to install malware and steal credentials from employees, then they use those credentials to roam through networks and access programs and files, he said, according to Reuters.
The report found that while major new vulnerabilities such as Heartbleed are being used by hackers within hours of their announcement, more attacks last year exploited patchable vulnerabilities dating from 2007, 2010, 2011, 2012 and 2013.
Another report on similar lines, by Symantec Corp, found that state-sponsored spies also used phishing techniques because they work and because the less-sophisticated approach drew less scrutiny from defenders.
"Once I'm in, I can do what I need to," said Robert Shaker, an incident response manager at Symantec. The report drew on data from 57 million sensors in 157 countries and territories, Reuters added.