The Threat of Spear Phishing: How to prevent attacks

Cybercriminals used to rely on broad spam attacks with limited success. Unfortunately, times have changed. Today, highly-targeted email phishing schemes are penetrating the IT systems of major organisations around the world, leading to massive data hacks and security breaches.

If it feels like high-profile cyber crimes are in the news every day, it’s because they are! From media companies to major banks, everyone is being targeted. And most attacks begin with one member of staff opening a link on a spear phishing email. It’s really that simple.

 

Why is spear phishing on the rise?

Because it is so effective. Old-style security defences don’t stop it or even detect it, which is why cybercriminals love it. It’s the best way to deliver a vast range of digital threats into a system. What’s more, threat actors are now focused on senior management and high-ranking team members, tricking them into activating malware and ransomware. This gives criminals access to more of the organisation’s ecosystem. Smart, right?

 

For example, this could be ransomware that encrypts company data, then extorts fees from the target to fix the situation. Other malware includes point-of-sale or banking trojans that attack companies in the retail space. The victims are often leaders at the C level and above, eager to protect their reputation.

 

Recent attacks have shown that spear phishing emails can trick even the best and brightest professionals at the biggest and most successful organisations.

So, if spear phishing can fool them, it could fool you too. It’s time to get ahead of the game.

 

The dramatic increase in spear phishing attacks 

We’ve all seen some form of phishing email hit our inboxes. They are exploratory in nature, with cyber attackers hoping to get hold of a user’s data – the more sensitive the better. This often means personal ID info or access to networks. These preliminary stages lay the foundations, allowing bigger, more widespread attacks. Traditional phishing sometimes involves multiple layers, including some sort of social engineering and technical deception. This dual approach will sometimes lead less tech-savvy people to open files or click on links that reveal crucial data or sensitive info.

 

But spear phishing is far more focused, bespoke and tailored. Cybercriminals isolate and segment their chosen target, using sophisticated tactics of personalisation and impersonation. These techniques get around basic email defences and have a much higher success rate than basic phishing.

 

In the past, a phishing campaign may have gone after an entire database of email addresses, but spear phishing targets certain people within specific companies, all guided by a particular purpose or mission.

Things have really moved on from dodgy-looking emails occasionally showing up in your junk mail.

 

The role of social media

We all share more of our lives than ever before. And the cybercriminals are using it to their advantage. By harvesting social networks like Facebook and Instagram, attackers can find out unique insights and personal info about a target. This helps them create a spear phishing email that goes under the radar, as it seems so normal to the person receiving it.

 

Right now, spear phishing is the most common method for advanced persistent threat (APT) attacks. Cybercriminals today choose to launch APT attacks with highly-sophisticated malware alongside multi-stage campaigns in order to achieve a singular objective. This allows them to gain access to a company’s sensitive data, network and systems in a way never experienced before.

The stakes are higher than ever, and the cybercriminals are tipping the odds in their favour.

 

Why the increase in attacks?

The number of spear phishing incidents is increasing rapidly. Why? Because they are proving highly successful for cybercriminals. They now form a central component to any hacker’s strategy. Gone are the days of wide-net spam attacks. Instead, criminals are employing a tailored approach, targeting their victims with focused precision. They are masters of their craft, creating nuanced spear phishing emails that can mimic any legitimate source.

 

What’s more, spear phishing campaigns are being produced faster, with more accuracy and frequency than ever before.

 

What are the real costs of these attacks?

On average, a single attack costs businesses $1.6m and causes stock prices to drop by 15%

{{cta(‘d29400e4-7173-4691-a5ac-4bd4c12dfa39’)}}

 

How does spear phishing get around system and network defences?

Modern spear phishing uses a combination of methods, including: 

  • Multistage attacks, where the first stage of an APT attack is followed up by further stages of binary downloads, malware outbound communications, and data extraction.
  • Leveraging zero-day vulnerabilities in browsers, plug-ins and desktop applications to take advantage of systems.
  • Blended or multi-vector threats, using a mix of dynamic URLs, email spoofing and drive-by downloads.
  • Expertly designed email forgeries targeted to individuals, bearing no resemblance to the high-volume spam that we’re now immune to. This means traditional spam filters often fail to highlight them.

Cybercriminals getting up close and personal

In the past 12 months, CommuniCloud and our strategic partners have responded to multiple targeted attacks that resulted in the theft of personally identifiable information (PII) by threat actors. The amount of PII stolen showed that the goal was the mass collection of PII data and info, not that of specific people. However, we hadn’t seen a trend of indiscriminate theft of PII by threat actors before. Our expert team were conscious of individual occasions of PII theft happening as a by-product of larger data-theft operations. For instance, a cyber criminal might steal all the data on a server that happened to include PII, that was of no particular interest to the attacker.

 

This has all changed. Now, our team are finding that massive PII breaches span a variety of sectors, including travel, financial services, healthcare and government. While we initially thought that the threat actors would target credit card information and health records, there was no evidence of this. Instead, our security team saw that threat actors were targeting and stealing information that could be used to verify identities such as Tax File Numbers, birthdates, job history, and even mothers’ maiden names.

 

That’s right, they’re going after the personal stuff.

 

How a spear phishing attack got hold of masses of PII

One recent attack started with threat actors fooling an employee into clicking on a malicious link in a spear phishing email. The link downloaded a secret backdoor, gifting the attackers with access to the individual’s system. After they got a foothold, they began exploration activity focused on identifying databases with the most amount of PII.

 

After leveraging the individual’s Active Directory info, the cybercriminals identified database administrators and their computers. They searched Active Directory group membership for keywords, then the threat actors moved across those systems and collected data to identify the names of databases, database servers and database credentials.

 

The cyber attackers showed they had a deep knowledge of database systems from Teradata, Microsoft and Oracle, as well as all the transaction gateways used to access these networks and systems. Once the database info was in their grasps, the threat actors tested authentication and catalogued databases. Then, they searched the databases for specific names that stored private info.

 

After the cybercriminals had the data they wanted, they plucked specific fields for every record in the targeted databases. The information included immensely private and highly-sensitive information. Due to the volume of data extracted, the threat actors withdrew information in chunks (100,000 to 1,000,000 sensitive records at a time). The data was compressed into archives and the files containing PII were uploaded to file sharing websites.

 

The whole operation was highly organised and extremely professional.

V 2

Increasing your email security

In today’s world, companies require a dynamic email security solution that blocks and detects targeted spear phishing campaigns that are seeking to harvest credentials or impersonate of real senders.

 

At CommuniCloud, we provide our clients with an email security solution that is far superior to traditional solutions. What’s more, our solution is proactive rather than reactive, helping to protect companies from getting email-targeted cyber threats in the first place.

 

Fully integrated solution

In order to fight modern cyber attacks, companies require protection across multiple vectors.

For instance, network and email vectors are often used together in sophisticated attacks. By uncovering an online attack in real-time and tying it back to the initial spear phishing email that allowed the attack, a company can find out if other users within the organisation have also been compromised.

What’s more, companies can look to protect their networks with systems that detect threats across many protocols and protocol stack. These include the operating systems, applications, network layer, browsers and plug-ins.

 

This approach is the best and most advanced way to put a stop to highly-targeted cyber attacks.

 

Innovative security that stops zero-day threats

At CommuniCloud, we have the capabilities to offer real-time analysis of email attachments, URLs detailed in emails and web objects. This means we can accurately work out if they’re malicious or not, protecting users around the clock. This helps us to provide a powerful guard against even the most advanced methods of email-based attacks.

 

With this protection, CommuniCloud stops the malicious malware embedded in attachments, including malware hosted on ever-changing domains. Good, right?

 

Stopping block callbacks and malicious code

As well as detecting potential threats, the CommuniCloud solution will identify if a suspicious attachment or other objects appear malicious. Every single callback communication is interrogated for malicious activity, including monitoring outbound host communications over multiple protocols in real-time. Better still, we can also stop callbacks based on the unique characteristics of the communication protocols employed, rather than having to rely on the domain name or destination IP.

 

After a malicious code is highlighted, the IP addresses, ports and protocols are immediately blocked to end any transferring of sensitive data. This stops attackers from using more malware binary payloads, ending their sideways movement through a business or organisation.

 

Just think how much money this could save your company in the long run.         

 

Threat intelligence that’s prompt and precise

The info we gather from forensic analysis of advanced malware can be used in a multitude of ways:

  • CommuniCloud systems can identify the malicious code in order to highlight compromised systems and auto-generate protection data to prevent the attack from spreading.
  • Forensics researchers can run suspected files through automated offline tests. These confirm and breakdown malicious code to understand its design and makeup.
  • Cyber security specialists and organisations can join forces to share info and provide a unified intelligence response to malware threats. Because we are all stronger when we work together against cyber attackers.

Discovery is everything

As we’ve detailed, cybercriminals are now capable of crafting convincing spear phishing campaigns. Their use of social engineering techniques now tricks more and more employees and the campaigns are becoming increasingly harder to detect.

Worse still, responding to these emails often results in email and network credentials being attacked, malware and ransomware being installed on corporate networks, and personalised data being downloaded by the attackers. These highly-targeted, multistage and layered attacks are so effective in penetrating today’s networks, that they’re becoming more and more common.

So, despite huge financial resources being pumped into IT security around the globe, the cybercriminals are still having unprecedented success. The majority of these attacks start with a malicious email. Unfortunately, personalised spear phishing will continue to be the tactic of choice… unless organisations decide to fight back.

 

We can put a stop to these attacks, but to do so, businesses need much more than traditional email security solutions. The cybercriminals have upped their game, so organisations need to follow suit, or they risk losing masses of highly sensitive data.

 

CommuniCloud Cyber Security Solutions

 

Fighting spear phishing might sound like a daunting task, but here at CommuniCloud, we make it easy for you.

We are experts in cyber security solutions and partner with industry leading vendors such as Cisco, Jazz Networks, Agari, InfoTrust and Splunk.

Together, we can create a Cyber Security Ecosystem of both technology and professional services, tailored around your business needs. Providing an effective defence against modern   adopting spear phishing tactics.

You can count on us.

CTA Cyber Blog

 

 

Leave a Comment