Feeds

Beware the malware-tipped SPEAR TRAP in your inbox

That person who knows all about you? Not your friend

Internet Security Threat Report 2014

The vast majority (91 per cent) of targeted attacks begin with a spear phishing email, according to a new study by Trend Micro.

Spear phishing is a form of phishing that makes use of information about a target to make attacks more specific and “personal”. These attacks may, for example, refer to their targets by their specific name, rank, or position at the organisation instead of using generic titles common in broader (consumer focused) phishing campaigns. The end goal is usually to trick prospective victims into opening a malicious file attachment (in 94 per cent of cases) or to follow links to an exploit-laden site.

The most commonly used and shared file types accounted for 70 per cent of the total number of spear phishing email attachments during the period of Trend's study, between February and September this year. The main file types were: .RTF (38 per cent), .XLS (15 per cent) and .ZIP (13 per cent). Executable (.EXE) files were not as popular among cybercriminals, most likely because emails with .EXE file attachments are usually detected and blocked by security products at the edge of corporate networks, long before they reach the in-box of prospective marks.

Targeted attacks are often malware-based and designed to infect networks, stay resident, explore, further infect and steal information. This information can be anything from emails to technology blueprints, policy documents or research.

Aside from spear phishing, other tactics that have been noted in targeted attacks include the use of removable media (USB, CD etc), theft of credentials giving access to systems and networks (eg, VPNs).

Spear phishers most frequently target government and activist groups. Details of government agencies and appointed officials are often posted on public government websites.  Members of activist groups are often active in social media, and are also quick to provide member information in order to facilitate campaigning or recruit new members. As a result, three out of four of the targeted victims’ email addresses were easily found through web searches or using common email address formats.

The percentage of malicious attachments in emails has been in steady decline over recent years. But the researchers insist this trend is likely to reverse itself, bringing with it extra spam and the need to redesign corporate defences, according to Trend Micro.

"We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve,” said Rik Ferguson, director of security research and communications at Trend Micro. “Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks."

"We have also seen that targeted attacks are evolving and expanding. The abundance of information on individuals and companies makes the job of creating extremely credible emails far too simple. It's a part of a custom defence that should not be ignored."

Trend's study can be found here (PDF). ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.