In the last weeks I have been making some presentations on different Cyber Security Events in different Cities and with different attendants, but there is always a common question in all of them:
- "Can you talk us about the new Threats?".
My response is always the same:
- "Don't you have enough with the old ones?"
I understand people can be worried about all Cyber espionage, Cyber Crime, Cyber attacks campaigns, but at the end of the day everything remains the same: "Nobody reads the F#@ Manual".
When talking about Dragonfly we have been dealing with old attack vectors:
- Phising
- Compromising vulnerable Web Sites
In the last 8 ENISE congress, some representative from the NATO Security Network Area was describing the top attacks NATO was registering, and surprisingly they were: Phising and DDOS.
May be the malware associated with the phising campaigns is more sophisticated (on the second round), but there must be always someone who press the attach link to activate the malware.
Why don't we stop the old attack vectors before proceeding to the new threats defenses ?
