Spear phishing paves road for Advanced Persistent Threats

John P. Mello | May 30, 2013
Specialized spam can be more than it seems—it sets up a beachhead for malware mischief.

Cyber intrusions that remain undetected for long periods of time and leak information to hackers and online spooks are on the rise, spearheaded by an aptly named form of spam called spearphishing.

Between 2010 and 2011, Advanced Persistent Threat (APT) attacks more than doubled, said Firmex, a provider of virtual data rooms. It also noted that 91 percent of APT attacks involved spearphishing.

Phishing and spearphishing are two distinct forms of spam. In fact, while conventional spam declines in favor among hackers, phishing and spearphishing remain popular.

Phishing messages masquerade as communication from a trusted source—a bank or credit card company, for example—in order to obtain personal information, such as usernames, passwords or credit card numbers.

Spearphishers want that kind of information, too, and much more. However, their messages pretend to be from very trusted sources—an employee's manager, the head of the company's IT department, a friend from Facebook or a headhunter someone's done business with—making the recipient very likely to do what the message instructs.

"Spearphishing is by far the most prevalent way that target systems are compromised by APTs," said Paul Ferguson, vice president for threat intelligence at Internet Identity.

"It's because it's not that hard to social engineer their victims into clicking on the wrong link or opening the wrong attachment by masquerading as someone they know or something they're expecting," he told CSO.

Spearphishing is typically a key element in the first stage of an APT attack, said JD Sherry, director of public technology and solutions for Trend Micro. "It's used to gain a foothold in the attack environment," he said in an interview. "It's what miscreants use to start the attack sequence."

If the attackers can establish that beachhead in a network, they can become very difficult to dislodge. "It's very hard to stop an initial infection," said Jack Marsal, marketing director for ForeScout Technologies.

"Enterprises have been trying to do this for 15 or 20 years," he said, "but IT security managers know they can't be 100 percent successful."

"Over the last three or four years the situation has gotten worse because the new breed of attackers are using spear phishing techniques and zero-day exploits," he said.

Firmex said the United States leads the world as a source for spear phishing, with 20.8 percent of the attacks originating from American soil, followed by Russia (19.1 percent) and China (16.3 percent).

No industry is spared from the attacks, either. "It's a case of equal opportunity victimization," IID's Ferguson said, "though there does seem to be some industries targeted more than others."

The top industry for APT attacks is defense and aerospace, garnering about 17 percent of the attacks, according to Firmex, followed by energy, oil and gas (14 percent) and finance (11 percent).

 
