When you look at the zero-day exploits that were being used, it's clear that all of them could be easily tackled with a combination of anti-exploit, anti-executable, and sandboxing.
Many options to prevent exploits but not that many when it comes to phishing. Educating users would probably be the best, but you know how it usually goes when the user is a weak link.
Correct, but there are tools that can protect against phishing. Also, even if a user runs malware manually via email attachment, then a sandbox could protect against it. What I'm basically trying to say is that there is almost no excuse anymore if you're successfully being hacked. There are plenty of tools available to tackle all of these threats, even against advanced zero days.
I'm not following. This isn't about stealing usernames and passwords via phishing mails. It's about getting malware to run on systems, and when malware is involved, this can be stopped. I just read about attacks on two Dutch companies. In the first one, hackers managed to make the user run ransomware via attachment, in the second they installed a RAT Trojan (via tricked user) in order to steal thousands of bucks. User awareness training will also help a lot.
Minimalist is absolutely correct. With all my security software, one night last year I was tired and without thinking I ended up giving away my banking credentials to a phishing email. About the time I clicked send the brain kicked in and I realized what I'd done, so I immediately called my bank and shut it down. No harm was done, but it was a nuisance as I had to redo the bank stuff.
Yes correct, it is a problem, but common sense will help a lot. For example, always navigate directly to sites before logging in. Or use two-factor authentication for important sites. There are also tools designed to protect credentials, like Trusteer Rapport and Netcraft, and I'm sure there are more advanced tools available for the enterprise. In other words, there is no excuse for small businesses, big corporations and governments that are getting hacked successfully via either advanced or simple attacks.
Rasheed, you are still not wanting to accept the point. All of those things can fail if someone is tired or accidentally distracted. It happens to the best of us.
@Rasheed187 So to sum up your posts - antiexploit, antiexecutable, sandboxing, 2FA, Trusteer Rapport and Netcraft and you are 100% secure. System is protected and user is also protected against themselves (or their mistakes). You should notify government and big corporations that you've found a silver bullet for all their security problems. * sorry about my sarcasm.
Guys, this is getting silly. I'm saying that there is ALMOST no excuse, of course 100% security is not possible. I agree that most hacks are successful because of human failure. But the tools and knowledge to stay safe are all available. You guys act like I'm saying something new or groundbreaking.
This is the stuff that I read about on a weekly basis. These are not super advanced attacks, and can all be easily stopped, with tools like SentinelOne, Invincea and Barkly to name a few. http://www.heraldbulletin.com/news/...cle_7afe9426-a6e7-11e6-9277-effda238af55.html http://blog.trendmicro.com/trendlab...-spear-phishing-before-zero-days-get-patched/ https://www.barkly.com/how-barklys-endpoint-protection-works