The phishing as a never ending challenge of today

By Milica D. Djekic

When we say the phishing, we would first think about some suspicious e-mail getting the malicious link with so. The experience would show that there are so many phishing scenarios and sometimes it’s quite trickery to cope with all of them. So many organizations would pay greatly for the phishing training of their staffs, but the statistics would suggest that over 90% of employees would respond to the phishing scam within an hour after receiving the message. The cyber industry would force its experts to find out some automatic ways of phishing campaigns recognition. The task would appear as a challenge and certainly, it is.

In order to cope with the phishing scams, you would need the expert’s knowledge in your hands. Quite a trickery to obtain, right? In our opinion, what we need is the strong correlation between researchers and applications’ developers, because in that case –  we could count on some satifactionary solutions. The phishing tendencies are changing day by day and there would always be new and new solutions getting produced for the black market needs. So, it’s obvious that the findings were gathered by the defense and intelligence communities could support us in a deeper understanding of this challenge.

The IT security business would support us with so many solutions regarding the phishing concern. Some of that software would work well, but many would be less effective than needed for practical purposes. Would this protect us from that emerging threat? The answer to this question is semi-semi. No one would invent the silver bullet to this problem, so we are not secure enough yet. From nowadays perspectives, security is about risk management. It would not offer you an absolute peace, but it would rather help you get less upset. In other words, there is no place for panic, but there is a good reason to feel uncomfortable from time to time.

In so many cases, the IT phishing operations could get correlated with the intelligently prepared hacker’s attacks. Once you make a click on your phishing link either you would download some malicious file or you would leave your IP address to that web location. In any case, even if you are infected by some malware or you got access to the cybercriminals, you would get led to position to suffer some inconvenient consequences. Practically, the majority of cybercrime operations would begin as a phishing attack. The question is how to make the expert’s system that would recognize the possibility of being exposed to that sort of cyber offense. In the practice, that’s the quite challenging task and even if you invest a lot of time and money to teach the people how to deal with so, your results would be less satifactionary.

The researchers, as well as defense community, should dig hard in order to gain new and new findings of the phishing scams and they should try to offer such intelligence to the cyber industry that should use so for updating its projects, practically, on a daily basis. That would appear like a good method of staying at least a step ahead of the threat.

As it’s well-known, there are some link scanners even being available online that could serve in the malicious link recognition. On the other hand, maybe the link getting embedded into your e-message would not be malicious by its nature, but it would make you leave a trace about your device in the cyberspace. In such a case, many industry leaders would recommend software for connections termination.

The main concern with phishing campaigns worldwide is that some jurisdictions would not recognize cybercrime as a crime. This is especially the case with the developing economies that would suffer the organized crime and corruption in their societies, so they would not understand enough how important it is to care about your cybersecurity. In so many cases, those countries would not have the legal regulations that would support them into their combating the cybercrime and even if they possess any laws for fighting the cybercrime, they could struggle with the lack of skills and expertise amongst their professionals.

This could get a huge threat to the developed economies because through those routes hackers could find a way to come to their IT infrastructure. Also, sometimes someone would get infected with malware simply making a click on a malicious link, but his anti-malware system would not report anything. The reason for this is such malware would not get recognized by his anti-malware protection, because its manufacturer would not get familiar with that threat. Why? The anti-malware software would deal with the database of discovered malicious applications and it would get updated periodically, so if the black market is correlated with some region in the world has launched anything new – such software would stay powerless in front of that threat. In addition,  the cybercrime groups would use their skills to exploit the vulnerabilities of some  IT assets in order to make the big profit on.

Thanks to the internet, our planet is the global village, so far – and it’s not hard to imagine how intelligent hackers could take advantage of that situation. Finally, it’s quite clear that the cybercrime could cost the global economy about several percents of the gross world’s product per a year, so it’s only the imperative more to take seriously such a concern. Also, so many cybercrime groups would get correlated with the organized crime and terrorism and they would serve as their intelligence collectors.

In conclusion, the main challenge remaining behind the phishing attacks is the fact that those scams would offer access to some information system. In order to do the access management within your organization and particularly amongst your IT infrastructure, you should get aware of all possible consequences coming with that challenge. It’s quite rational from the companies’ and governments’ point of view to push hard the cyber industry to produce technological solutions as well as education and training to their staffs because the price that could get paid in case of IT security breaches can be so high.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security” being published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interests are cyber defense, technology, and business. Milica is a person with a disability.