If attackers have to phish your employees, it means they can’t get at your servers.
Almost all the successful hacks against U.S. companies that cybersecurity specialists from FireEye responded to over the past year originated as phishing attacks — but that’s better news than it might at first appear, CEO Kevin Mandia said Tuesday.
That’s because, of the non-U.S. incidents they responded to, almost half were accomplished by directly exploiting vulnerabilities in an internet-facing server.
“Internationally … we found about 50-50 [spear-phishing and] the internet-facing server being compromised by exploits without involving spear-phishing,” he said.
SQL injection, in which commands are delivered to an internet-facing server through the text boxes provided for login or search functions on a webpage, is a classic form of direct server exploitation.
Spear-phishing attacks — in which an employee clicks on a link or email attachment loaded with malware, downloading it onto the machine they are using — are generally designed to allow hackers to steal username and password credentials. These are then used to get into the network.
But if hackers can directly exploit a server, there’s no need to compromise an employee credential.
“What that told me,” said Mandia of the preponderance of phishing attacks in the U.S. “is that the health and welfare of our internet-facing infrastructure in the U.S. has gone up” because those U.S. organizations couldn’t be hacked by exploiting their servers directly.