Finance and human resource departments, those holding some of the most sensitive corporate data, are the worst performers when it comes to detecting online scams, falling behind by a margin of 4% to 9% compared to other departments.
McAfee Labs has released the McAfee Labs Threats Report: August 2014, revealing that phishing continues to be an effective tactic for infiltrating enterprise networks.
Testing business users’ ability to detect online scams, the McAfee Phishing Quiz uncovered that 80% of its participants failed to detect at least one of seven phishing emails.
Since last quarter’s Threats Report, McAfee Labs has collected more than 250,000 new phishing URLs, leading to a total of nearly one million new sites in the past year.
Not only was there an increase in total volume, there was a significant rise in the sophistication of phishing attacks occurring in the wild.
Results showed both mass campaign phishing and spear phishing are still rampant in the attack strategies used by cybercriminals around the world.
Meanwhile, the United States continues to host more phishing URLs than any other country.
“One of the great challenges we face today is upgrading the Internet’s core technologies to better suit the volume and sensitivity of traffic it now bears,” says Vincent Weafer, senior vice president for McAfee Labs.
Weafer notes that every aspect of the trust chain has been broken in the last few years—from passwords to OpenSSL public key encryption and most recently USB security.
“The infrastructure that we so heavily rely on depends on technology that hasn’t kept pace with change and no longer meets today’s demands,” said Weafer.
Findings also revealed new cybercrime opportunities since the public disclosure of the Heartbleed vulnerability, as stolen data from still-vulnerable websites is currently being sold on the black market.
Lists of unpatched websites have quickly become hit lists for cybercriminals and tools are readily available to mine unpatched sites. With these tools, it is possible to tie together an automated system that targets known vulnerable machines and extracts sensitive information.
“It is alarming that phishing presents such a security challenge today, especially here in Asia Pacific,” said Wahab Yusoff, Vice President of McAfee Southeast Asia.
Yusoff revealed that business users in this part of the world seem the least prepared to detect scams, with 90% of Southeast Asian respondents (compared to 84% in Asia Pacific and 79% globally) failing to identify at least one of the phishing emails in McAfee's test.
“As always, it is best to continue being cautious when opening up emails. The best defense would be to keep Internet, network, email and endpoint security updated,” he added.