Almost all the successful hacks against U.S. companies that cybersecurity specialists from FireEye responded to over the past year originated as phishing attacks — but that’s better news than it might at first appear, CEO Kevin Mandia said Tuesday.
That’s because, of the non-U.S. incidents they responded to, almost half were accomplished by directly exploiting vulnerabilities in an internet-facing server.
“Internationally … we found about 50-50 [spear-phishing and] the internet-facing server being compromised by exploits without involving spear-phishing,” he said.
SQL injection, in which commands are delivered to an internet-facing server through the text boxes provided for login or search functions on a webpage, is a classic form of direct server exploitation.
Spear-phishing attacks — in which an employee clicks on a link or email attachment loaded with malware, downloading it onto the machine they are using — are generally designed to allow hackers to steal username and password credentials. These are then used to get into the network.
But if hackers can directly exploit a server, there’s no need to compromise an employee credential.
“What that told me,” said Mandia of the preponderance of phishing attacks in the U.S., “is that the health and welfare of our internet-facing infrastructure in the U.S. has gone up” because those U.S. organizations couldn’t be hacked by exploiting their servers directly.