Phishing is the starting point for most data breaches. People are the weakest link in an organization’s security posture. Current approaches to controlling the proliferation of phishing have shown no signs of success. Imperva advocates the widespread use of Web Application Firewalls (WAFs) to prevent cybercriminals from gaining access to compromised servers and launching phishing campaigns. Researchers from the Imperva Defense Center, working with Intsights*, an intelligence-driven security provider, have discovered how cybercriminals are lowering the cost of phishing by enabling Phishing-as-a-Service (PhaaS) using compromised web servers.
The Hacker Intelligence Initiative (HII) research report from Imperva shows that PhaaS is 2X more profitable and 1/4th the cost of an unmanaged phishing campaign. The traditional approaches focus on training people and deploying better malware detection, but training people has barely made a dent. The Verizon Data Breach Investigations Report (DBIR) from 2016 shows a disturbing trend of more users being susceptible to phishing in 2016 versus the previous year. Most endpoint protection software has increased the attack surface of an enterprise and possibly allows attackers access to the enterprise network.
Every enterprise has deployed a next-generation firewall, raising the barrier for network breaches and forcing hackers to exploit the vulnerabilities of users through phishing. Our approach is to choke the supply of compromised servers and contain phishing by making it expensive and cumbersome for hackers to launch phishing campaigns.
Find out more about how to prevent your web infrastructure from being exploited by PhaaS by downloading the full report. Download the full infographic here.
*Intsights worked with Imperva to expose the hackers' identities as well as assist with understanding the costs of phishing attacks in both Phishing-as-a-Service and traditional phishing models.