91% of cyberattacks begin with spear phishing email
Spear phishing makes use of information about a target to make attacks more specific and 'personal'
By Antony Savvas | Computerworld UK | Published: 15:21, 28 November 2012
Some 91% of cyberattacks begin with a "spear phishing" email, according to research from security software firm Trend Micro.
Spear phishing is an increasingly common form of phishing that makes use of information about a target to make attacks more specific and “personal”.
These attacks may, for instance, refer to their targets by their specific name or job position, instead of using generic titles like in broader phishing campaigns.
Related Articles on Techworld
The goal of a spear phishing attack is to trick the victim into either opening a malicious file attachment or clicking a link to a malware- or an exploit-laden website, which could compromise the victim’s network.
According to a Trend Micro report 94% of targeted emails use malicious file attachments as the payload or infection source. The remaining 6% use alternative methods such as installing malware through malicious links.
"We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve”, said Rik Ferguson, director of security research and communications at Trend Micro. “Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks."
Ferguson said the abundance of information on individuals and companies online makes the job of creating extremely credible emails "far too simple".
The most commonly used file types for spear phishing attacks accounted for 70% of them. The main file types were .RTF (38%), .XLS (15%) and .ZIP (13%).
Executable (.EXE) files were not as popular among cybercriminals because emails with .EXE file attachments are usually detected and blocked by security systems, said Trend.
Trend said the most highly targeted industries for spear phishing were government and activist groups. Information about government agencies and appointed officials are readily found on the internet, said Trend, and often posted on public government websites.
Because activist groups are highly active in social media, and are also quick to provide member information - in order to facilitate communication, organise campaigns or recruit new members - member profiles are highly visible targets.
Trend said 75% of email addresses for spear phishing targets are easily found through web searches or using common email address formats.
If firms are going to tackle spear phishing they'll need to make sure they have the right protection in place though. Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it, a recent analysis by security firm Imperva concluded.
The Imperva team ran a collection of 82 new malware files through the VirusTotal system that checks files against around 40 different antivirus products, finding that the initial detection rate was a startling zero.