Spear-phishing attackers target US holidays
Attacks increase when security operation centres likely to be understaffed
By Ellen Messmer | Network World US | Published: 10:47, 14 February 2012
Phishing attempts against workplace email accounts drop precipitously on Christmas and New Year's Day, but spike dramatically during American holidays, according to a report from security company FireEye.
Attackers seem to be hard at work on US holidays, including Independence Day, Labor Day, Columbus Day and Thanksgiving when attack levels spike strongly upward, according to FireEye's "Advanced Threat Report - 2011" which summarises patterns of malware-based attacks seen against its customers during the course of last year. But Christmas and New Year's represents the opposite, when "attack levels dropped off well below the average," the report says. There's only speculation that "there are significantly fewer employees working during those holidays, so there are fewer opportunities for targeted users to actually open malicious attachments."
The worst holiday for phishing email seems to be Labor Day, when malicious email increased 1,353% over the average. Columbus Day was second, when phishing rates jumped 549%. FireEye speculates that "spear phishing attacks increase when enterprise security operations centres are lightly staffed or understaffed, particularly during holidays."
Related Articles on Techworld
In other efforts to decipher the meaning of patterns of malicious activity spotted on customer networks, FireEye also pointed out that of the thousands of malware families, the top 50 generated 80% of successful malware infections. FireEye cited the toolkit called Blackhole as a prominent criminally used toolkit in 2011 to "drop" malware on vulnerable machines.
FireEye's report identifies various information-stealing programs, calling out the six top malware programs in 2011 as Zbot, Sality, LdPinch, Licat, Zegost and Clampi.
Interestingly, the well-known Conficker worm "continues to remain one of the more popular worms infecting machines worldwide," even three years after it was first detected.
Based on its detection methods, FireEye believes more than 95% of enterprises had malicious infections somewhere in their networks each week, while 80% averaged an infection rate of more than 75 per week.
