Huge headlines about the Yahoo cyber indictment by the FSB should be a wake call to all businesses, however what has not been promoted by the media was the use of spearphishing which was highlighted in paragraph 17 of the Indictment:
In some instances, the conspirators used email messages known as “spear phishing” messages to trick unwilling recipients into giving the co-conspirators access to their computers and accounts. Spear phishing messages typically were designed to resemble emails from trustworthy senders, and to encourage the recipient to open attached files or click on hyperlinks in the messages. Some spear phishing emails attached or linked to files that, once opened or downloaded, installed “malware”-malicious code or programs-that provided unauthorized access to the recipient’s computer (a “backdoor”). Other spear phishing emails lured the recipient into providing valid login credentials to his or her account(s), thereby allowing the defendants to bypass normal authentication procedures.
It’s clearly time for all businesses to learn how to be better protected from cyber attacks including spearphishing!