Mandia: Phishing numbers show better U.S. cyber hygiene

Almost all the successful hacks against U.S. companies that cybersecurity specialists from FireEye responded to over the past year originated as phishing attacks — but that’s better news than it might at first appear, CEO Kevin Mandia said Tuesday.

That’s because, of the non-U.S. incidents they responded to, almost half were accomplished by directly exploiting vulnerabilities in an internet-facing server.

“Internationally … we found about 50-50 [spear-phishing and] the internet-facing server being compromised by exploits without involving spear-phishing,” he said.

SQL injection, in which commands are delivered to an internet-facing server through the text boxes provided for login or search functions on a webpage, is a classic form of direct server exploitation.

Spear-phishing attacks — in which an employee clicks on a link or email attachment loaded with malware, downloading it onto the machine they are using — are generally designed to allow hackers to steal username and password credentials. These are then used to get into the network.

But if hackers can directly exploit a server, there’s no need to compromise an employee credential.

“What that told me,” said Mandia of the preponderance of phishing attacks in the U.S., “is that the health and welfare of our internet-facing infrastructure in the U.S. has gone up,” because those U.S. organizations couldn’t be hacked by exploiting their servers directly.
