Spear Phishing Threats & Trends

Uploaded on 2020-04-09 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

Spear phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for criminal reasons. A highly targeted form of phishing, spear phishing involves bespoke emails being sent to well-researched victims. 

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. Although often intended to steal data for malicious purposes, cyber criminals may also intend to install malware on a targeted user's computer. 

Barracuda Network researchers worked with leading researchers at UC Berkeley and UC San Diego, to study the growing threat to business of email account crime using Spear Phishing methods.

It is all hard to spot without close inspection and difficult to stop with technical controls alone. In 2016 the Fancy Bear attack group used spear phishing tactics to target email accounts linked to Hilary Clinton’s 2016 presidential campaign. They attacked more than 1,800 Google accounts and implemented the accounts-google.com domain to threaten targeted users
And so spear phishing is achieved by acquiring personal details on the victim such as their friends, hometown, employer, locations they frequent, and what they have recently bought online. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging. 

While regular phishing campaigns go after large numbers of relatively low-yield targets, spear phishing aims at specific targets using specially emails crafted to their intended victim. 

Often government-sponsored hackers and hacktivists are behind these attacks. Cyber criminals do the same with the intention to resell confidential data to governments and private companies. These cyber criminals employ individually designed approaches and social engineering techniques to effectively personalise messages and websites. As a result, even high-ranking targets within organisations, like top executives, can find themselves opening emails they thought were safe. That slip-up enables cybercriminals to steal the data they need in order to attack their networks.

Email account takeover attacks are a widespread and effective attack that enterprises need to defend against. 
In email account takeover, the attackers use legitimate enterprise accounts they’ve recently compromised to send lateral phishing emails to an array of recipients, ranging from close contacts within the company to partners at other organisations. 
Because attackers send these lateral phishing emails from legitimate accounts, they can effectively fool many existing email protection systems and unsuspecting users. 

In email account takeover, the attackers use legitimate enterprise accounts they’ve recently compromised to send lateral phishing emails to an array of recipients, ranging from close contacts within the company to partners at other organisations. 

Email account takeover and lateral phishing present a growing threat to enterprise organisations. 1 in 7 organisations experienced lateral phishing attacks within a seven-month timespan, based on a random sample of enterprise organisations. 
Of the organisations who suffered from this attack, over 60 percent experienced multiple incidents. Because email account take-over takes advantage of compromised, but nonetheless legitimate, enterprise accounts, these attacks are effective and particularly insidious. 

Over 11 percent of attacks successfully compromised additional employee accounts and over 42 percent of the lateral phishing incidents do not appear to have been reported by a recipient to the organisation’s IT or security team. 

Lateral phishing attacks rely on two popular narratives to trick their victims into falling for the attack: “account error” and “shared document” lures. While 63 percent of the lateral phishing incidents used generic and commonplace messages, 37 percent tailored their content to be more enterprise-oriented or highly specific to the victim organisation. 
A full 98 percent of the lateral phishing incidents occurred during a weekday. 

The study also looked at whether lateral phishing emails occurred at unusual hours by comparing the times when the lateral phishing emails were sent versus the historical times when the hijacked accounts usually sent benign, work emails. from this analysis, researchers found that 82 percent of lateral phishing attacks were sent by an attacker during the compromised account’s typical working hours. 

Spear-phishing attacks targeting high-level executives are often known as whale phishing attacks, and usually involve an attacker attempting to impersonate the CEO or similarly important person within the company with the aim of using superiority to coerce the victim into making payments or sharing information. 

The most obvious warning sign is an incorrect email address or one that looks similar to one you expect but is slightly different, although email addresses can be spoofed or may not be noticeably different without close inspection.

How to Defend against Lateral Phishing 

Security Awareness Training 
Improving security awareness training and making sure users are educated about this new class of attacks will help make lateral phishing less successful. Organisations can put both technical and human controls into place to mitigate the threat of spear phishing. Along with standard controls such as spam filters, malware detection and antivirus, companies should consider phishing simulation tests, user education, and having an established process for users to report suspicious emails to the IT security team. 

Advanced Detection Techniques 
Organisations should invest in advanced detection techniques and services
that use artificial intelligence and machine learning to automatically identify phishing emails without relying on users to identify them on their own. 

Two-factor Authentication 
Traditional security often doesn't stop these attacks because they are so cleverly customised. As a result, they're becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments and even nonprofit organisations. 

With stolen data, fraudsters can reveal commercially sensitive information, manipulate stock prices or commit various acts of espionage. In addition, spear phishing attacks can deploy malware to hijack computers, organising them into enormous networks called botnets that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox. Besides education, technology that focuses on email security is necessary.

One of the most important things that organisations can do to help mitigate the risk of lateral phishing is to use strong two-factor authentication, such as a two-factor authentication app, or a hardware-based token. 

Baracuda:       Kaspersky:      BitPipe:       CSO Online:     Guardian

You Might Also Read:

Dealing With Malicious Emails:

Phishing Scams: UK Tax Service Issues A Warning:

 

 

 

« Cyber Attacks Up 500% In A Month
Marriott Hotels - Millions Hacked Again »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

KZ-CERT

KZ-CERT

KZ-CERT is the national Computer Emergency Response Team for Kazakhstan.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

LSEC

LSEC

LSEC is a not for profit organization that has the objective to promote Information Security and the expertise in BeNeLux and Europe.

Defence Intelligence

Defence Intelligence

Defence Intelligence is an information security firm specializing in advanced malware protection.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Crosser

Crosser

The Crosser Platform enables real-time processing of streaming or batch data for Industrial IoT, Data Transformation, Analytics, Automation and Integration.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

Google for Startups

Google for Startups

Google for Startups is Google’s initiative to help startups thrive across every corner of the world.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Netsurit

Netsurit

Managed IT, Cloud, and Security Services. Netsurit is Your IT Innovation and Digital Transformation Accelerator.