Spear-phishing – the new corporate threat
Spear-phishing attacks are on the increase according to IBM and others. Unlike traditional phishing attacks, which randomly spam thousands of e-mail addresses, a spear-phishing attack goes after specific targets. It's more difficult to set up, but the rewards can be far higher because a successful attack gives the "spear-phisher" massive access within a corporation. To date such attacks have largely gone unreported because companies fear the loss of trust that would occur if they went public.
How is Spear-phishing different?
Successful spear-phishers work hard to understand the target organization, which is usually a government agency, an industrial company, or a financial institution – especially a bank. Spear-phishers look for a low-level person who can help them understand how corporate e-mails and e-mail addresses are crafted, how the company organizes its workgroups, and so on. Once they have enough, they send a "corporate-looking" e-mail with an embedded Trojan to a number of recipients within the company. All it takes is one recipient to open the attachment and what was once a secure network is now compromised! Passwords are stolen; personal data are stolen; the attacker moves up the organization, steals more passwords, and gains access to yet more sensitive data – often without anyone even noticing.
What Solutions are there?
Because spear-phishing is so targeted, the traditional tools that rely on blacklists of known phishing sites just don't work. There is no realistic technical solution; rather, the solution is in user education. Teaching your staff what a suspect corporate e-mail looks like, even if it comes from a "trusted" authority, is one answer; emphasizing that when in doubt about an e-mail's veracity, you should always pick up the phone and call the party requesting information is another. Companies should also modify their behaviour and not embed links in e-mails. That way a "spear-phisher's" e-mails will stand out more clearly. The other solution is of course to protect all sensitive systems with two-factor authentication – passwords and tokens. In such an environment "spear-phishers" can get nowhere without physically stealing a token.