- It's very hard to distinguish between legitimate and illegitimate emails.
- Classic attacks can still be valid today! At Truesec, we do a lot of fancy attacks using the latest research; however, most organization are still vulnerable to simple download links and instructions.
- Sometimes, a combination can be highly effective; for example, email and phone.
- Good preparation increases the chance of success. If, for example, we didn't know about the IDS configuration, we could have failed to set up a successful communication channel.
- Custom malware will usually not be detected by antivirus or IDS.
In more advanced attacks, we use file-less malware, zero-day vulnerabilities, and obfuscation of origin, such as domain ...