this post was submitted on 15 Jul 2024
543 points (96.3% liked)

Cybersecurity - Memes

1964 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Sam1232188@lemmy.fmhy.ml
Alphadef@programming.dev
CannaVet@lemmy.world
543
Phishing (feddit.org)
submitted 3 months ago by cron@feddit.org to c/cybersecuritymemes@lemmy.world
22 comments fedilink hide all child comments
 

If a single click on a phishing email can ruin the entire company, the blame doesn't lie with that individual.

you are viewing a single comment's thread
view the rest of the comments
[–] slazer2au@lemmy.world 95 points 3 months ago (2 children)

There are very few one click total compromises out there.

Most of the time clicking on the link will get to a phishing page to harvest credentials or prompt to download a zip or pdf which has the actual malware exploit/payload.

[–] cron@feddit.org 40 points 3 months ago

True, in many cases there is a whole chain of vulnerabilities and misconfigurations, and everything starts with one phishing mail. For example:

  • successful phishing
  • VPN without 2FA, allowing the attacker access to company services
  • internal services with vulnerabilities, allowing the attacker to compromise a server
  • permission misconfiguration, allowing lateral movement

That was the point of this meme. It is not phishing alone that gets the company in trouble, its mostly a series of misconfigurations.

I think that in cyber security, we have to assume that phishing will be successful sometimes - and be prepared when it happens.

[–] Buelldozer@lemmy.today 4 points 3 months ago

Yep and then whatever is trying to execute should be limited by user permissions, app whitelists, EDR / MDR, and a pile of other defenses.