Earlier this year, health insurer Anthem Inc. reported that it suffered a massive breach in which 80 million members where affected. According to reports, attackers executed a sophisticated targeted attack to gain unauthorized access to Anthem’s IT system and obtain personal information records stored within. While some people may know a little about corporate data breaches, few know how it’s actually done, or the methods cybercriminals use to execute an attack.
In a targeted attack, attackers have a certain level of expertise and have sufficient resources to execute their schemes over a long period of time. In cases where the breach indeed resulted from a targeted attack, it is important to know that attackers can adapt, adjust, and improve their attacks to counter their victim’s defenses.
Attackers utilize various social engineering techniques that leverage recent events, work-related issues, and other areas of interest pertaining to the intended target. Techniques like the use of backdoors, zero-day or software exploits, watering hole, and spear phishing are the most common methods used to gain information.
While phishing and spear phishing share similar techniques, they are not to be confused. Phishing is a generally exploratory attack that targets a broader audience, while spear phishing is a targeted version of phishing. They are different in the sense that phishing is a more straightforward attack—once information such as bank credentials, is stolen, the attackers have pretty much what they intended to get. In spear phishing, the successful theft of credentials or personal information is often only the beginning of the attack, because it's only used to gain access to the target network—a move that ultimately leads to a targeted attack.
What is Spear Phishing?
As mentioned above, spear phishing is a targeted form of phishing in which fraudulent emails target specific organizations in an effort to gain access to confidential information. Its tactics include impersonation, enticement and access-control bypass techniques like email filters and antivirus. The objective of spear phishing and phishing are ultimately the same—to trick a target into opening an attachment or click on a malicious embedded link.
In a recent case, a spear phishing campaign pretended to be Electronic Frontier Foundation (EFF). Based on reports, a new domain masqueraded as an official EFF site. The campaign tricked users into a false sense of trust in a spear phishing email. As identified by Trend Micro, the incident seems to be part of a larger attack known as Pawn Storm, a targeted attack campaign that has been associated with the Russian government.
This attack has shed light on an incident that involved sending spear phishing emails to only three employees of the legal department of a billion-dollar multinational firm. Fortunately, nobody clicked on the malicious links. As it turns out, the company was involved in a critical legal dispute, hence, the attack reflected the attackers' clear economic espionage motive.
How does Spear Phishing work?
Spear phishing focuses on specific individuals or employees within an organization and social media accounts such as Twitter, Facebook, and LinkedIn to specifically customize accurate and compelling emails. These emails contain infected attachments and links. Once the link is opened, it executes malware that leads the target to a specific website. The attackers can then establish their networks and move forward with the targeted attack.
Defending Against Spear Phishing
Any form of phishing can ultimately lead to the compromise of sensitive data. If neglected, a company could succumb to a targeted attack, which could result in data breaches, as seen in notable incidents like the ones that affected JP Morgan, Home Depot, and Target—all of which were attributed to spear phishing. Consequently, these companies lost millions of dollars along with stolen customer records.
Similar to these recent data breach incidents, many small to mid-size businesses are being targeted along with larger enterprises, as attackers see them as a backdoor gateway into larger corporations. Also, due to the relatively smaller IT staff in small companies, it easier for attackers to target them as they're likely to have less security infrastructure in place.
Because email is the most common entry point of targeted attacks, it is important to secure this area against likely spear phishing attacks. Employee education is highly critical to combat different phishing techniques. Training employees to spot misspellings, odd vocabulary, and other indicators of suspicious mails could prevent a successful spear phishing attack. Additionally, enterprises need an expanded and layered security solution that provides network administrators the visibility, insight, and control needed to reduce the risk of targeted attacks regardless of vector of choice.
Trend Micro Custom Defense rapidly detects, analyzes, and responds to advanced targeted attacks. To defend against spear phishing, Deep Discovery Email Inspector helps identify and block spear phishing emails at the initial phase of most targeted attacks. It reduces the risk of attacks by adding a transparent inspection layer that discovers malicious content, attachments, and URL links that pass unnoticed through standard email security.
The Trend Micro Smart Protection Suite combines a broad range of endpoint and mobile threat protection capabilities, including social engineering attack protection, newly-born host inspection, and advanced threat scan engine to secure emails.
Learn how securing email can stop targeted attacks in the attached infographic.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.