Attackers can teach you to defend your organization against phishing

2021-04-27 05:10

Using the kill chain to assess how an attacker would approach your organization makes it easier to understand which steps, at a minimum, would need to be taken by an arbitrary attacker to succeed in a phishing attack against your company.

Phishing is usually thought of as only occurring during the "Delivery" phase of an attack.

In reality, a successful phishing attack requires success during the first four stages, providing you with opportunities to prevent, detect, and respond before the attacker has an opportunity to establish a foothold.

Because of the attacker's work in the first stage of the kill chain, these phishing emails are far more likely to be effective than non-targeted attacks.

Once the code from the phishing email is successfully executed, a command-and-control channel is established between the compromised system and a system controlled by the attacker.

With a commitment and focus to seeing phishing from the mind of an attackers, you can build a robust, layered defense that turns an unavoidable inherent risk into a manageable residual risk.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/EC90woLJeqM/

#phishing