this post was submitted on 15 Jul 2024
527 points (96.1% liked)

Cybersecurity - Memes

1802 readers
326 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
527
Phishing (feddit.org)
submitted 1 month ago by cron to c/cybersecuritymemes@lemmy.world
20 comments fedilink hide all child comments
 

If a single click on a phishing email can ruin the entire company, the blame doesn't lie with that individual.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] slazer2au@lemmy.world 93 points 1 month ago (2 children)

There are very few one click total compromises out there.

Most of the time clicking on the link will get to a phishing page to harvest credentials or prompt to download a zip or pdf which has the actual malware exploit/payload.

[โ€“] cron 40 points 1 month ago

True, in many cases there is a whole chain of vulnerabilities and misconfigurations, and everything starts with one phishing mail. For example:

  • successful phishing
  • VPN without 2FA, allowing the attacker access to company services
  • internal services with vulnerabilities, allowing the attacker to compromise a server
  • permission misconfiguration, allowing lateral movement

That was the point of this meme. It is not phishing alone that gets the company in trouble, its mostly a series of misconfigurations.

I think that in cyber security, we have to assume that phishing will be successful sometimes - and be prepared when it happens.

load more comments (1 replies)