Mandia: Phishing numbers show better U.S. cyber hygiene

Almost all the successful hacks against U.S. companies that cybersecurity specialists from FireEye responded to over the past year originated as phishing attacks — but that’s better news than it might at first appear, CEO Kevin Mandia said Tuesday.

That’s because, of the non-U.S. incidents they responded to, almost half were accomplished by directly exploiting vulnerabilities in an internet-facing server.

“Internationally … we found about 50-50 [spear-phishing and] the internet-facing server being compromised by exploits without involving spear-phishing,” he said.

SQL injection, in which commands are delivered to an internet-facing server through the text boxes provided for login or search functions on a webpage, is a classic form of direct server exploitation.

Spear-phishing attacks — in which an employee clicks on a link or email attachment loaded with malware, downloading it onto the machine they are using — are generally designed to allow hackers to steal username and password credentials. These are then used to get into the network.

But if hackers can directly exploit a server, there’s no need to compromise an employee credential.

“What that told me,” said Mandia of the preponderance of phishing attacks in the U.S., “is that the health and welfare of our internet-facing infrastructure in the U.S. has gone up” because those U.S. organizations couldn’t be hacked by exploiting their servers directly.

Written by Shaun Waterman
