Hackers so far ahead of defenders it's not even a game

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches. The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still …

Anonymous Coward

ηβπ?

3,141 confirmed data breaches last year

Really? Are they sure it wasn't 3,1415926?

P.S. I want my HTML in the title!

7
0
Silver badge

ηβπ

(See title.)

1
0
Silver badge

Hackers vs Boneheads

Companies are unable to change anything to do with computing. Having the latest shiny and concern with how things appear to each other is more important to them than how it looks to a hacker.

5
0
Bronze badge

Bad Grammar

One of the dead giveaways of a phishing email is often very bad grammar and spelling. Maybe more people getting lured into opening phishing links is due to the declining competence in language skills.

And, of course, passwords are weak! We're being told to change them 3x/day and I, for one, am not all that creative first thing in the morning.

6
0
Anonymous Coward

Re: Bad Grammar

> often very bad grammar and spelling

That was then. Nowadays you have very good grammar, excellent spelling, use of first names and use of company logo in the footer.

7
0
Silver badge

Re: Bad Grammar

Bad grammar, intentional or not, provides an excellent filter for the perps. People who see that as a sure sign of phishing get eliminated right away and the remaining people are more likely suckers.

9
0
Vic
Silver badge

Re: Bad Grammar

> One of the dead giveaways of a phishing email is often very bad grammar and spelling

But not always.

I've had a bunch of phish emails lately which look *very* much like genuine LinkedIn invitations. And if they'd sent the emails to an address I'd ever given to LinkedIn, I might[1] have been taken in...

Vic.

[1] I wouldn't - but that's because I'm paranoid. If ever I get an email that wants such data from me, I always check the headers first. Most people don't, of course...

5
0
Silver badge

Re: Bad Grammar

I chuck the linked-in invitations out even faster than the phishing emails.

3
0
Silver badge

Re: Bad Grammar

"I chuck the linked-in invitations out even faster than the phishing emails."

But how can you tell them apart?

Oh, right... never mind!

1
0

Re: Bad Grammar

> Maybe more people getting lured into opening phishing links is due to the declining competence in language skills.

And counting upvoters that's five people who can't be bothered to look at the research. Well, that's hardly surprising.

For random phishing, implausible stories and non-standard language use improve the attackers' ROI, as Herley demonstrated years ago. What's more, many (possibly most) of the victims of random-phishing attacks are well-educated middle-class users who are perfectly capable of recognizing non-standard language when they encounter it. They're not deterred because they fall prey to greed and various cognitive fallacies - again, as various researchers have shown.

In any case, random phishing is a bottom-feeder attack, and not what we're primarily talking about here.

Spear phishing is usually what's used to gain access to internal networks, and those messages tend to be well-crafted, both in general usage and editing, and in referring to organizational specifics like employee names. And spear phishing has about a 90% success rate against a targeted organization with at least ten message recipients, according to some studies.

But, yes, blame the user. That'll fix the problem.

1
0
Anonymous Coward

Don't remind me!

"Many victims have single-factor access into parts of their network even if they think otherwise"

I don't even think otherwise.

You know this will be so forever when you are in a C-level meeting about "IT problems and strategy" and the first thing that happens is that the CFO complains that his Windows is getting slower and no-one is upgrading his laptop.

5
0
Silver badge

Re: Don't remind me!

"the CFO complains that his Windows is getting slower and no-one is upgrading his laptop."

Probably the best option would be to collect his laptop first thing every morning for its daily update. The daily update would be so exhaustive that it would only be ready to return to him last thing at night.

5
0
Silver badge

"Cybercriminals are way ahead of the game against defenders"

Part of the problem is manglement thinking "cyber" means "something terrifying".

"without having to try anything new"

Part of the problem is manglement refusing to pay for anything newer than 1980.

"according to the latest edition of Verizon's benchmark survey of security breaches."

Ah, yes. Verizon. That benchmark of secure providers.

4
0

> Part of the problem is manglement thinking "cyber" means "something terrifying".

Hell, part of the problem is using the prefix "cyber" for anything other than "cybernetics". Or for "cybernetics", for that matter, when it's not used in a technically accurate sense.

2
0
Silver badge

I will openly admit

to be one of those people that opens attachments (after taking some precautions) because I like to respond to the phishing attempt with "real" details.

So if I get a "your Paypal account is locked" email, I will happily fill it in with real but false data.

Credit card numbers to pass the Luhn test are readily available from dark coding, a bank sort code is easily invented, as is an account number. A plausible name and address doesn't take much imagination to conjure up.

They must spend hours typing in the details just hoping that they made a small error inputting the data.

If all of us with the know-how did this, phishing attacks would not be worth the effort as they would drown under the deluge of seemingly real data.

3
2
Silver badge

Re: I will openly admit

You could write a bot and single-handedly bury them.

3
0
Silver badge

Re: I will openly admit

Sadly, my programming skills start and end at:

10 Print "cornz was here";

20 cls

30 goto 10

2
0
Silver badge

PEBCAK

Unsurprisingly, the conclusion from all this is that worrying about technology, arms races, and so on is completely pointless because by far the biggest problem remains the fact that people are stupid. It's all very well saying that hackers are ahead of defenders, but as long as people are desperate to throw all their credentials and personal information at anyone and everyone who asks for them, there's not really a lot said defenders can do.

2
0

Re: PEBCAK

People have always been stupid, and presumably always will be, so no one should ever try to address any problem, ever.

0
0
Silver badge

Poisoned Chalices on the Righty Rocky Road to Nowhere Worthwhile

Security defenders are still performing poorly in their attempts to defend against hacking or malware-based attacks. This isn't for a lack of trying or skills on their part, but almost completely down to the fact that the game is rigged against them.

Defending the indefensible and inequitable is always a rigged game which defenders are never ever going to win and the harder they attack the easier and the quicker they are securely defeated and disgraced. It is thus wise to try and understand what you are being contracted to defend, for the truth in right dodgy cases is never presented and always hidden from scrutinuous and inscrutable view.

3
0
Anonymous Coward

Re: Poisoned Chalices on the Righty Rocky Road to Nowhere Worthwhile

> securely defeated and disgraced

Lovely.

0
0
Happy

Defender

Now, THAT was a proper game... peow ! peow ! peow ! (sigh...)

Sorry, what was everyone else talking about ?...

1
0

Will management start to invest in security?

No. We really really need this feature right now and everyone needs to be able to use it. Can't you just stick a simple plaintext password on it for now and we'll come back to it later when we've got more time...

0
0

In DREAMS!! ALL the hacks IS YANKS!!

Read 'em and weep, but ALL the hacks of ANY hackyness ARE THE YANKS!! Chinese denial hacks don't even touch them!! That's how it is and THAT'S why we're ALL the better off for it!!

0
1


Biting the hand that feeds IT © 1998–2017