Shared publicly  - 
 
Isn't it true, that most large, APT-type attacks, involved spear phishing? I've made this list of spear-phishing attacks (http://spearphishing.blogspot.com), and realized that Stuxnet is the only such attack where spear-phishing did not play key role, that comes to my mind. But surely there were more?
The Spear-Phishing Report. Phishing means - to me - attacks on computer users, based on tricking them into believing they communicate with a trusted entity - when in fact they communicate with the att...
1
Perry Metzger's profile photo
3 comments
 
Interesting question. How could one get a data set to determine what "most" constitutes? Spear-phishing, by its nature, is hard for third parties to observe...
 
My point is that it is hard to get spear phishing data so it is hard to assess the ratio of attacks.
 
I think it is interesting, but I worry about whether we're seeing a representative sample of attacks. I would like to think our obvious conclusion is correct but the scientist in me worries about whether I've seen a representative sample.
Add a comment...