Cyber Threats: Spear Phishing Attack
A spear phishing attack is among the most popular entry points of cybersecurity breaches. According to a report from Trend Micro, 91% of cyberattacks are initiated by a spear phishing email. Spear phishing attacks require advanced hacking skills and are very hard to detect because they typically rely on the end user opening a file in a personal, targeted email.
There are two methods of spear phishing: “spray and pray” and targeted attacks. In a spray-and-pray attack, an email containing a link that some might click on is sent out to many people within an organization. Targeted attacks are very effective and dangerous because the attacker finds exactly who, within an organization, has access to the information they are looking for and sends a custom email just to that person. The attacker poses as a trusted colleague, friend or company and sends a seemingly harmless attachment or link. By opening said link or attachment, users often allow the hacker to create a back-end or are sent to a malware site.
Trend Micro reports that the most commonly shared file types (XLS, PDF, DOC, DOCX and HWP) account for 70% of spear phishing attachments. Because these are the file types people exchange every day, a malicious attachment does not stand out, which makes a spear phishing attack even harder to detect. The report goes on to say that 94% of targeted emails use a malicious file attachment over malicious links.
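As an added example (not taken from the Trend Micro report or from this article), the following Python sketch triages an inbound message by listing attachments whose extension is one of the file types named above and noting whether the sender is outside the organization. The domains, file names and the `triage` and `build_sample` helpers are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# File types the figures above name as the most common spear phishing attachments.
COMMON_LURE_TYPES = {".xls", ".pdf", ".doc", ".docx", ".hwp"}

def triage(raw_message, org_domain):
    """Summarise sender origin and attachments that deserve a closer look."""
    msg = message_from_string(raw_message, policy=policy.default)
    # The From header can be forged, so this is a triage hint, not authentication.
    _, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    external = sender_domain != org_domain.lower()
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Compare case-insensitively so "REPORT.DOCX" is treated like "report.docx".
        if PurePosixPath(name).suffix.lower() in COMMON_LURE_TYPES:
            flagged.append(name)
    return {
        "sender_domain": sender_domain,
        "external": external,
        "flagged_attachments": flagged,
        "needs_review": external and bool(flagged),
    }

def build_sample():
    """Constructed sample message: one document attachment and one image."""
    m = EmailMessage()
    m["From"] = "Finance Team <billing@partner-example.net>"
    m["To"] = "manager@corp.example"
    m["Subject"] = "Q3 invoice"
    m.set_content("Please review the attached invoice.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice_Q3.DOCX")
    m.add_attachment(b"constructed bytes", maintype="image",
                     subtype="png", filename="logo.png")
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample(), "corp.example"))
```

A flag here only means the message matches the common pattern; the attachment itself still has to be scanned or detonated in a sandbox before anyone opens it.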
The most commonly targeted industries of spear phishing attacks are government agencies and activist groups, likely for similar reasons. Government officials and activist leaders typically have contact information and background information readily available to the public, making them easy targets for spear phishing con artists. Heavy equipment, aviation, and financial organizations are next on Trend Micro’s list of most targeted industries. You can read the full report from Trend Micro here.
Spear-phishing Attack Case Study: LinkedIn
LinkedIn is widely discussed in the cybersecurity industry as being a gold mine for the hacker’s tool kit. It has over 433 million members, an overwhelming share of them business people, all disclosing their names, where they work, who they work with and, often, their email addresses. Why wouldn’t a hacker leverage this tool to launch a spear phishing attack?
In 2012, LinkedIn was the victim of an attack compromising upwards of 117 million user records. Kaspersky Lab has been a forerunner in keeping LinkedIn aware of and on its toes about data breaches (having given the company warnings about its vulnerabilities in the past), and just a few months ago came out with some literature about how users can better protect themselves from having their information fall into the wrong hands. You can read their tips about how to protect yourself on LinkedIn here.
Four years later, in May 2016, the attackers from 2012 resurfaced with threats of using the information gathered in the previous breach. As a form of warning, or maybe just gloating, the attackers hacked into the social media accounts of two social media giants: Mark Zuckerberg and Dick Costolo. Nothing drastic happened; they just logged into the social media accounts and started posting fraudulent posts on the respective walls, pages, etc. The pair were able to detect the breaches fairly quickly, with no irreversible damage perceived. It is believed that these breaches were results of the 2012 LinkedIn hack.
The key takeaway from this breach is that being a high-profile, tech-savvy individual doesn’t safeguard you. Everyone is at risk of a cyberattack. Be present when interacting online and be clever about protecting your data. According to regional director for Microsoft, Troy Hunt, Zuckerberg’s breach was the simple product of a flimsy password. Hunt also has a site where anyone can see whether their accounts have been compromised. You can check out your accounts on his site here and read more about the Zuckerberg/Costolo attack here. Another resource for better understanding how hackers utilize LinkedIn can be found here at SecureList.com.
Defenses against Spear-Phishing Attacks
When dealing with a spear phishing attack, the best line of defense is comprehensive awareness training. Oftentimes, companies that are hit with spear phishing attacks were confident in their anti-virus, anti-malware and other cybersecurity software and technologies, but their manager endpoints were not so secure. Just as with regular phishing attacks, the first line of defense is to remove administrative privileges. This is a quick way to secure a network, control a breach and successfully mitigate the attack.
Spear phishing attacks typically target decision makers within a company. Because the attacker often pretends to be a trusted colleague, friend or partner company, owners, managers and administrators need to be thoroughly trained and taught about the “tells” in these cleverly malicious messages. Aside from awareness training, there are a number of technologies which can greatly decrease the chances of a spear phishing email coming through and being entertained.
The Ultimate Product Tool Kit (for defense against spear-phishing):
- End-user Security Awareness Training Program
- Risk and Vulnerability Assessment
- Patch Management of OS and Third-party Applications
- Managed Antivirus
- Web Protection
- Managed Online Backup