The Real Dangers of Spear-Phishing Attacks

Spear-phishing attacks are delivered via a standard approach: email. They appear as ordinary emails. The body of the email may contain a link or an attachment. The immediate objective: to get you to give up a little bit about yourself—your personally identifiable information (PII).

Spear phishing is targeted. The attackers did their research, usually through social engineering. They might already know your name or your hometown, your bank, or your place of employment—information easily accessed via social media profiles and postings. That bit of personalized information adds a lot of credibility to the email.

Spear-phishing emails work because they’re believable. People open 3% of their spam and 70% of spear-phishing attempts. And 50% of those who open the spear-phishing emails click on the links within the email—compared to 5% for mass mailings—and they click on those links within an hour of receipt. A campaign of 10 emails has a 90% chance of snaring its target.

If you do not recognize a spear-phishing attack, you may not realize you are losing data until it’s too late. By focusing on a particular person, cyber attackers can eventually gain direct or indirect access to critical data, including bank accounts, computer system passwords, work credentials and security clearances. Spear phishing is a precursor to a far more dangerous advanced attack.

Spear-Phishing: The Who and the Why

Anyone can be the target of a spear-phishing attack, whether they accidentally click on an unsolicited survey response or get bamboozled by a fake alert from their bank. While an attacker may not be interested in you specifically, you can be their foothold into a secure computer system that may contain the PII of customers, executives and other personnel as well as critical data, such as intellectual property and financials. In that sense, we are all critical to the safety of our own PII and the business systems we are part of. If you’re in finance, you have access to critical company data. If you’re in sales, you have access to lists of customers and prospects. If you’re in facilities, you may have access to onsite service-call schedules. Everyone has value.

Spear-phishing attacks are not trivial or conducted by random hackers. They are targeted at a specific person, often by a specific group. Many publicly documented advanced persistent threat (APT) attack groups, including Operation Aurora and the recently publicized FIN4 group, used spear-phishing attacks to achieve their goals.

How to Stop Spear-Phishing Attacks

To stop spear-phishing attacks, security teams must first train users to recognize, avoid and report suspicious emails—it is important for every employee to recognize that their roles grant them access to different data, the currency of the information economy. Second, security teams must implement, maintain and update security technology and processes to prevent, detect and respond to ever-evolving spear-phishing threats. Finally, security teams must strive to stay ahead of attackers by investing in actively updated threat intelligence and expertise to meet their needs.

One thing is clear: You cannot discover a new spear-phishing attack by looking at it in isolation. Yet that is how conventional point products such as antivirus and anti-spam software operate. While they can detect some known threats, they will fail to detect unknown threats and spear-phishing attacks.

Working with STORMHAVEN, you can develop fully integrated security solutions that cover multiple threat vectors. A spear-phishing attempt is often part of a blended attack that uses a combination of email, internet browsing and file shares. STORMHAVEN can help connect the dots to discover it in real time. Using a combination of industry-leading technology, threat intelligence and security expertise, STORMHAVEN can help identify:

Which attack groups are likely to use spear phishing

How attackers choose and approach their targets

What their ultimate goals are

What specific steps you can take to prevent or block malicious attacks resulting from spear-phishing emails

To stop spear-phishing attacks and protect your organization’s assets with an integrated security posture, talk with the security experts at STORMHAVEN.

Focus on the People, then the Technology

Cyber criminals, threat actors, hackers—they know cyber crime pays. Your data and technology, stored in networks and the cloud, are vulnerable. And although the tactics, targets and technology of attacks are all important, your most powerful defense against cyber crime is to understand threat actors.

To effectively prevent and respond to cyber crime, you need to establish the motivations and methodology of threat actors. Here are two ways advanced cyber attacks work:

Targeted – Malware, delivered through methods such as spear phishing, is used to reach a specific machine, individual, network, or organization. This malware tends to be signature-less, or otherwise evades antivirus and other traditional cyber security efforts using the criminal's knowledge of the target.

Persistent – Advanced cyber attacks are initiated via a series of email, file, web, or network actions. These individual actions might remain undetected by antivirus or other traditional defenses, or be ignored as harmless or low-priority. However, the malware becomes entrenched and pervasive, and culminates in a devastating attack.

Malware that uses both of these methodologies simultaneously presents an advanced persistent threat, or APT. And any organization in any industry can be a target.
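The point made above about connecting individually low-priority email, web and file-share actions can be shown as a small correlation check. This is an added example, not code from the original page or from STORMHAVEN; the event format, the sample events and the follow-up window are assumptions, and the one-hour click window follows the click-timing figure quoted earlier.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, vector, target); none is alarming alone.
EVENTS = [
    ("2024-05-06T09:02:00", "alice", "email", "portal-login.example"),   # link in mail
    ("2024-05-06T09:15:00", "alice", "web",   "portal-login.example"),   # link followed
    ("2024-05-06T09:40:00", "alice", "file",  "finance/q2-forecast.xlsx"),
    ("2024-05-06T09:05:00", "bob",   "email", "news.example"),           # never clicked
    ("2024-05-06T14:30:00", "bob",   "file",  "sales/leads.csv"),
    ("2024-05-06T10:00:00", "carol", "web",   "portal-login.example"),   # no mail seen
]

def correlate(events, click_window=timedelta(hours=1),
              follow_window=timedelta(hours=1)):
    """Return per-user chains: emailed link -> visit to that domain -> share access."""
    by_user = {}
    for ts, user, vector, target in sorted(events):
        by_user.setdefault(user, []).append(
            (datetime.fromisoformat(ts), vector, target))
    chains = []
    for user, evs in by_user.items():
        for mailed, vector, domain in evs:
            if vector != "email":
                continue
            # First visit to the emailed domain inside the click window.
            click = next((t for t, v, d in evs if v == "web" and d == domain
                          and mailed <= t <= mailed + click_window), None)
            if click is None:
                continue
            # First file-share access that follows the click.
            access = next(((t, d) for t, v, d in evs if v == "file"
                           and click <= t <= click + follow_window), None)
            if access:
                chains.append({"user": user, "domain": domain,
                               "clicked": click, "file": access[1]})
    return chains

if __name__ == "__main__":
    for chain in correlate(EVENTS):
        print(chain)
```

Only the user whose events line up across all three vectors is reported; the same events viewed one vector at a time produce nothing to act on.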

What Cyber Criminals Want

You can defend yourself more effectively and efficiently when you learn what cyber criminals want, because you'll understand your high-value vulnerabilities and your significance as a target.

Economic Espionage

Economic cyber espionage uses APTs to acquire intellectual property and sensitive information. Ultimately, the threat actor seeks a long-term economic advantage, either for themselves or on behalf of their employer. The primary sponsors of cyber espionage include nation states and business competitors. No company is safe, and in fact many network breaches begin with attacks on secondary targets such as vendors in the primary target's supply chain.

Organized Crime

Organized cyber crime uses APTs to realize short-term, rapid financial gain through activities such as credit card theft. Their cyber attacks are designed to evade traditional cyber security measures and remain on a victim’s network for a long period of time. While no business is safe, targets tend to be companies that provide retail and financial services, including banks and credit card processors.

Nuisance Threats and Hackivism

Nuisance threats and hacktivist cyber attacks attempt to interfere with daily business operations, defame web properties and make political statements. While embarrassing, they are typically neither targeted nor persistent. Although attackers can be individuals, most are groups such as Anonymous and LulzSec who use botnets or spam to target both organizations and individuals.