USA: +1(669)289-8683 
Sign in
ryan harris | a day ago | 404 words
While I feel that any of the threats listed are dangerous, phishing might be the most dangerous because of the amount of people it affects. Phishing is described as sending an unsolicited email, message, or phone call under the guise of a legitimate source and lures the user into accepting malware or disclosing personal information. (Bayuk et al, 2012). The reason that these are so threatening is that an adversary can send out phishing emails in mass quantities with very little fear of reprisal. In 2014 it was estimated that over $15.4 billion dollars was stolen in total, due to identity theft. (Gredler, 2016). Every year Verizon releases the Data Breach Investigation Report (DBIR) that outlines the most common breaches, tactics used and common trends. In the 2017 DBIR it was determined that 66 percent of the attacks involved malware that was installed via malicious email attachments. (Verizon, 2017). 95 percent of phishing attacks that lead to a breach were then followed by software installation. This is a very real threat that affects a vast majority people world-wide, more than the other types of threats listed.
Another threat that isn’t listed, but is also very dangerous is Man-in-the-middle style attacks. MitM involves the attacker intercepting communications from the user before the recipient gets the information, and inversely impersonates the user. (Bayuk et al, 2012). This can be done with cellular or wireless technology, and the victim may not know that they are being monitored. This form of attack is a type of eavesdropping and can perpetuate identity theft. The attackers usually access an unsecured, weak, or open network and insert their tools. In 2015 almost 50 individuals were arrested for using MitM attacks to intercept payment requests that were made via Email. (Vaas, 2015). The suspects had used social engineering and phishing to install malware on company networks. After the malware was installed they were able listen in on transaction data and payment requests. In this case, a more malicious attack was instigated by simple phishing attempts.
