Attackers understand that the human layer is frequently the weakest link in the security chain, and many rely on stealing passwords to gain access to the network. Already this year, the number of phishing websites has increased 250 percent since the last quarter of 2015, according to the Anti-Phishing Working Group, a global coalition of law enforcement, private organizations, and researchers.Attackers also know that for the most part, they don’t have to use expensive zero day vulnerabilities, as many organizations are not practicing strong cyber hygiene; known vulnerabilities “can remain active and undetected for days, months, or even longer.” Attackers know that they will likely have time to operate inside the target network without being detected. Once the attacker has access to a system, possibly via a phished valid username and password for an authorized user, they have the same access privileges as that user. All it takes is a user clicking on the wrong link, opening the wrong attachment, or disclosing their password to a well-crafted impersonator for their credentials to be stolen. Threat actors will go through great effort to learn about the target organization and its employees to create phishing and other social engineering methods that are incredibly difficult to identify from legitimate login screens, and once the credentials are lost, the attacker can impersonate the employee and access internal systems.
Read the entire article here, Using Network Telemetry and Security Analytics to Detect Attacks
via the fine folks at Cisco Systems.