Attackers are increasingly using stolen user credentials to gain access to systems, according to recent data breach studies, and the DNS attack illustrates that finding. Spearphishing, a targeted email crafted with a convincing message, is designed to trick users into freely giving up their credentials.
Awareness training can make end users more suspicious about messages with links and attachments, said Bit9 CSO Nick Levay. Clearly communicate that the IT team is always happy to vet the legitimacy of a message and would rather err on the side of caution than end up with a system compromise, Levay said. Best practices recommend training sessions that are sustained over a period of time. They should focus on specific topics and be relevant to employees.