
Spear phishing
Trend Micro has presented the results of a new study of targeted attacks, based on material collected from February to September of this year. According to the results, 91% of targeted attacks begin with a spear-phishing message.
These results confirm our earlier conclusion that targeted attacks often begin with ‘bait’, such as e-mail messages designed to persuade the recipient to open a malicious attachment or click on a link leading to a site hosting malware or exploits.
Spear phishing is a new type of phishing attack whose distinctive feature is the attackers' use of information about the intended victim to make the message more ‘individual’ and better disguise their intentions. For example, such messages may address the recipient by name, position and title instead of using standard impersonal greetings like “Good day” or “Dear Sirs.”
According to the report “Spear Phishing Email: Most Favored APT Attack Bait”, 94% of these messages carry an attachment with a malicious file as their ‘payload’, which is the source of infection. In the remaining 6%, the attackers use alternative methods, for example convincing the user to click on dangerous links or download files that contain malicious code. The reason for this imbalance is clear: employees of large companies and government agencies usually share files (such as reports, business documents or résumés) by e-mail, because downloading content directly from the Internet is considered unsafe.
Key findings from the study:
70% of the attachments in the phishing messages analyzed during the study period were in the most common file formats. The most commonly used file types were .RTF (38%), .XLS (15%) and .ZIP (13%). Executable files (.EXE) are not particularly popular among cybercriminals, primarily because messages with .EXE attachments are usually easily detected and blocked by IT security tools.
The most frequent victims of targeted phishing were government institutions and NGOs. Government web sites often provide public information about state institutions and officials. Community organizations that are active on social networks are also willing to share information about their members, as it facilitates communication, events and the recruitment of new members. Many members of such organizations have public profiles online, which makes them an easy target for attackers.
As a result, 75% of the e-mail addresses of potential victims can easily be found by a simple Internet search or guessed using the standard address format.