McAfee Labs highlights success of phishing attacks

McAfee Labs have released the McAfee Labs Threats Report: August 2014, revealing that phishing continues to be an effective tactic for infiltrating enterprise networks.

Testing business users’ ability to detect online scams, the McAfee Phishing Quiz uncovered that 80 percent of its participants failed to detect at least one of seven phishing emails.

Furthermore, results showed that finance and HR departments, those holding some of the most sensitive corporate data, performed the worst at detecting scams, falling behind by a margin of 4 to 9 percent.

In Australia, the most skilled performers in the quiz were executives and IT professionals.

Three quarters of Australian business users fell for at least one of the seven phishing emails.

Since last quarter’s Threats Report, McAfee Labs has collected more than 250,000 new phishing URLs, leading to a total of nearly one million new sites in the past year.

Not only was there an increase in total volume, there was a significant rise in the sophistication of phishing attacks occurring in the wild.

Results showed both mass campaign phishing and spear phishing are still rampant in the attack strategies used by cybercriminals around the world.

The study revealed Australia as having 1,709 URL domains containing phishing links, the highest in Asia Pacific, ranked ninth globally.

Findings also revealed new cybercrime opportunities since the public disclosure of the Heartbleed vulnerability, as stolen data from still vulnerable websites is currently being sold on the black market.

Lists of unpatched websites have quickly become hit lists for cybercriminals and tools are readily available to mine unpatched sites.

With these tools, it is possible to tie together an automated system that targets known vulnerable machines and extracts sensitive information.

To read the full McAfee Labs Threats Report: August 2014 with a complete list of findings, visit: http://mcaf.ee/uycbt