
Fresh from a cyber attack that prevented some US customers from accessing e-mail on Monday, e-mail security solutions provider Mimecast says spear phishing can happen to anyone at any level of an organisation or business.
"Mimecast experienced malicious traffic from multiple IP addresses, targeting its US network. This resulted in service disruption for US customers," Mimecast chief executive Peter Bauer said in a statement this week.
Mimecast senior sales engineer, Giulio Magni, says there is now more awareness around phishing attacks and how to spot a phishing attempt.
Evolving techniques
He explains that cyber criminals have been forced to evolve their techniques, making them more targeted in order to bypass the usual security software and the increasing tech savviness of recipients.
"Today with people becoming even more reliant on e-mail for both personal and business use, spear phishing is far more attractive. This is because the opportunity for utilising that information for a bigger more meaningful attack, rather than a spray and pray smaller attempt, makes it worth the additional effort," says Magni.
Security solutions vendor Trend Micro says spear phishing is highly targeted phishing aimed at specific individuals or groups within an organisation. According to Trend Micro, 91% of targeted attacks involve spear phishing e-mails. The recent devastating data breaches that victimised millions of users (Target and JP Morgan for example) were mostly caused by targeted e-mails, aka spear phishing.
In addition to larger enterprises, many small to mid-size businesses are being targeted because they may be a "backdoor" gateway into larger corporations, the vendor says. Also, it adds, smaller enterprises are usually an easier target because they typically have smaller IT staffs and less security infrastructure in place.
Trend Micro says having a strong e-mail security solution that can protect employees from targeted attacks is essential to keeping a business safe, regardless of its size.
Big payback
Magni points out that due to a dependence on e-mail, spear phishing is thriving and has evolved, making it incredibly profitable, especially in the corporate sector where a successful attack could result in a big payback.
Employees require education and awareness to interrogate e-mails, Magni urges. "Hovering over suspicious links in an e-mail to check where they point to is one of the first steps." Additionally, if something seems strange about the tone of an e-mail, or if it is unexpected, phone the sender to query it and confirm if it is real. These are necessary steps to avoid being compromised.
"You may be unaware that your business is in the crosshairs of a cyber criminal. Typically, the attackers have already sent targeted e-mails to someone within an organisation. Some of these e-mails contain malicious links, but many don't. They won't send the main attack until they've built up trust with said person," says Magni.
In many cases, he explains, the targeted person is the weak link the attacker is hoping for. "They share a great deal of their personal information online, which makes it easy to learn about their likes and dislikes.
"They'll use that knowledge to convince this person, over the course of a few months that they are legitimate. They do so by baiting the person with something which speaks to their interests, such as business conferences, product discounts or something similar. This will eventually enable the attacker to obtain access to this person's username, password, identity number or even their bank and credit card numbers."
Magni notes that the attacker will continually send e-mails, building up the level of trust with the person, until an e-mail is sent with a link to a website that appears to be safe but is actually just a front for a malicious webpage.
"Without knowing, the person uses this Web site and gives away their network credentials and credit card information, and inadvertently allows malware to be downloaded to their desktop. This gives the attackers access to their system. Malware is then uploaded and could be deployed across the business's systems, releasing sensitive information right into the waiting arms of the attacker."