It's an old adage in cybersecurity that the weakest point of any supposedly secure system is the people that use it.
Wada says it believes this hack was made possible thanks to a successful spearphishing attack. Phishing is a term given to the technique of tricking a user into giving up crucial information - often by clicking a link that takes them to a malicious website disguised as a familiar one, such as the log-in page for a bank or social network.bb
Spearphishing takes this one significant step further. While a phishing attack is often aimed at many people in the hope some will fall for it, spearphishing is highly targeted. Hackers perhaps identified a small number of people, or even just one person, and wrote a phishing attack specifically designed to trick them.
Other than pushing a message of vigilance among staff, spearphishing is incredibly difficult to defend against. Attackers often scour the internet, looking for added information on the target that might make an email more believable. Sometimes even knowing a person's favourite football team is enough to tip the balance in making a spearphishing email seem genuine.
No comments:
Post a Comment