E-mail : " The most popular phishing tool"
The online crime groups were shunning mobiles and newer technologies in favour of phishing campaigns, said the report from Verizon.
The annual analysis catalogues more than 100,000 security incidents that hit thousands of companies in 2015. Almost 90% of the incidents involved attempts to steal cash, it said.
The gangs were sticking to booby-trapped emails because they were proving increasingly effective, said Marc Spitler, lead author on the report. And, so far, there was little evidence novel technologies involving net-connected gadgets or smartphones were becoming a popular attack route. About 30% of phishing emails had been opened by people in targeted organizations in 2015, said the report, up from 23% in 2014. This meant, said Mr Spitler, it often took just minutes for criminals to compromise the network of a targeted company.
"The phishing email typically leads to the installation of malware or the compromise of a user's PC by some sort of malicious code that can establish control or persistence on a network," said Mr Spitler. "If an attack works, then it works very quickly," he said. Unfortunately, he added, although companies fell victim quickly, they could take far longer to notice they had been breached.
Statistics gathered for the Verizon report suggest 84% of the organizations questioned took weeks to spot that criminals had won access to internal systems.