Hamed Diab
80pc business users fail to detect phishing attacks
DUBAI, September 4, 2014
Phishing attacks continues to be an effective tactic for infiltrating enterprise networks, with 80 per cent of business users unable to detect scams, according to a recent report.
The McAfee Labs Threats Report: August 2014 pointed out that finance and HR departments, those holding some of the most sensitive corporate data, performed the worst at detecting scams, falling behind by a magin of four to nine per cent.
The McAfee Phishing Quiz found that around the world, the ability to detect phishing varied by region. Europe, Middle East and Africa (EMEA) proved to be the most skilled at an average of 67 per cent correct.
Bahrain, UAE and Saudi Arabia were among the 48 countries that took part in the quiz in the EMEA region.
The lab collected more than 250,000 new phishing URLs, leading to a total of nearly one million new sites in the past year. There was an increase in total volume, as well a rise in the sophistication of phishing attacks occurring in the wild.
Results showed both mass campaign phishing and spear phishing are still rampant in the attack strategies used by cybercriminals around the world. Meanwhile, the US continued to host more phishing URLs than any other country.
In the Middle East region the countries hosting phishing URLs were found to be the UAE with seven domains, Saudi Arabia with five, Palestive with three, Syria and Lebanon with two each and Jordan, Iraq and Kuwait with one each.
Hamed Diab, regional director in the Mena, said: “Despite being among the best in detecting phishing emails and hosting lesser phishing domains in comparison to other parts of the world, the ME region remains one of the most vulnerable regions to cyber security breaches. It takes only one infected email to deliver malware and cause damage. This is why it remains essential to educate users on best practices in detecting and acting upon suspicious emails.”
The findings also revealed new cybercrime opportunities since the public disclosure of the Heartbleed vulnerability, as stolen data from still vulnerable websites were being sold on the black market.
The lists of unpatched websites have become hit lists for cybercriminals and tools are readily available to mine unpatched sites, said the report. With these tools, it is possible to tie together an automated system that targets known vulnerable machines and extracts sensitive information.
Vincent Weafer, senior vice president for McAfee Labs, said: “One of the great challenges we face today is upgrading the Internet’s core technologies to better suit the volume and sensitivity of traffic it now bears.
“Every aspect of the trust chain has been broken in the last few years—from passwords to OpenSSL public key encryption and most recently USB security. The infrastructure that we so heavily rely on depends on technology that hasn’t kept pace with change and no longer meets today’s demands.” - TradeArabia News Service