Can the Phishing Menace be Reined in?
Phishing is the starting point for most data breaches.
People are the weakest link in an organization's security posture. Current approaches to controlling the proliferation of phishing have shown no signs of success. Implementing Web Application Firewalls (WAFs) will help prevent cybercriminals from gaining access to compromised servers and launching phishing campaigns. Researchers from the one provider working with Intsights*, an intelligence-driven security provider, have discovered how cybercriminals are lowering the cost of phishing by enabling Phishing-as-a-Service (PhaaS) using compromised web servers.
PhaaS is 2X more profitable and 1/4th the cost of an unmanaged phishing campaign. The traditional approaches focus on training people and deploying better malware detection, but training people has barely made a dent. The Verizon Data Breach Investigations Report (DBIR) from 2016 shows a disturbing trend of more users being susceptible to phishing in 2016 versus the previous year. Most endpoint protection software has increased the attack surface of an enterprise and possibly allows attackers access to the enterprise network.
Every enterprise that has deployed a next-generation firewall is raising the barrier for network breaches and forcing hackers to exploit the vulnerabilities of users through phishing. A key approach is to choke the supply of compromised servers and contain phishing by making it expensive and cumbersome for hackers to launch phishing campaigns.
For more information, read the “Time to rethink your prevention strategy” Hacker Intelligence Initiative report.