The secret behind Chinese hacking has been revealed by ThreatConnect. CNN Money reports:
The hackers’ techniques don’t sound very sophisticated: They send innocent-looking emails to unsuspecting recipients, whose computers then get infected with malware that trawls for sensitive information.
This graphic from ThreatConnect shows the key role played by spearphishing.
Source: ThreatConnect
This simple technique is devastatingly effective because it is easy to create an email that deceives users into taking the actions desired by the attackers. In its September 24, 2015 first page story, “Sleuths Link Hacker to China’s Military,” the Wall Street Journal describes how a spearphishing email works. The Wall Street Journal writes,
The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea.
How can you help your users fight being deceived? Use SP Guard from Iconix. SP Guard lets IT quickly and easily tell users which senders are trusted.