Isn't it true, that most large, APT-type attacks, involved spear phishing? I've made this list of spear-phishing attacks (http://spearphishing.blogspot.com), and realized that Stuxnet is the only such attack where spear-phishing did not play key role, that comes to my mind. But surely there were more?
no plus ones
Shared publicly•View activity
- Interesting question. How could one get a data set to determine what "most" constitutes? Spear-phishing, by its nature, is hard for third parties to observe...Oct 5, 2011
- My point is that it is hard to get spear phishing data so it is hard to assess the ratio of attacks.Oct 5, 2011
- I think it is interesting, but I worry about whether we're seeing a representative sample of attacks. I would like to think our obvious conclusion is correct but the scientist in me worries about whether I've seen a representative sample.Oct 6, 2011