Chapter summary
This chapter focused on internet-based threats. We examined phishing attacks, drive-by download attacks, and malware distribution sites. So many attacks leverage social engineering that CISOs and security teams must spend time and resources to mitigate it. For example, every week, tens of thousands of new phishing sites are connected to the internet, and every month, billions of phishing emails are sent to prospective victims.
Locations that have historically hosted above average concentrations of phishing sites include Bulgaria, Ukraine, and Indonesia. Most phishing emails include a link to a phishing site (Microsoft Corporation, 2018) and most phishing sites leverage HTTPS (SSL/TLS) (Phishing Activity Trends Report 4th Quarter 2019, 2020). Accounts are nearly 100% less likely to be compromised when MFA is enabled (Weinert, 2019). Anti-social engineering training for Information Workers can also be an effective mitigation.
Drive-by download attacks leverage...