Spear Phishing – Part 1

Originally posted on https://www.bestructured.com/spear-phishing-part-1/

As we know it today, Phishing has become one of the most commonly used tactics by the Cyber attacker in order to garner personal information and data.  This primarily involves our physical addresses, E-Mail addresses, credit card numbers, banking and other types of financial information; Social Security numbers, etc.

Phishing involves sending an E-Mail, either with a malicious file (such as those .DOC and .XLS), or link.  Once the victim has downloaded the files or clicked on the link, then the malware (most likely a Trojan Horse) spreads itself onto the computer or wireless device of victim.

Generally, Phishing attacks involve sending mass E-Mails out; in other words, there is not one targeted individual or organization.  Whatever contact information the Cyber attacker can get their hands on is used. Although lately, there appears to be a new trend developing:  a tactic known as “Spear Phishing”.

It can be defined specifically as follows:

“It is a phishing method that targets specific individuals or groups within an organization. It is a potent variant of phishing, a malicious tactic which uses emails, social media, instant messaging, and other platforms to get users to divulge personal information or perform actions that cause network compromise, data loss, or financial loss.”

Thus, in these instances, the Cyber attacker has already done their research ahead of time and knows who or what they want to specifically target.  In a way, this is similar to that of Business E-Mail Compromise (BEC) attack, in which the C-Level executive is primarily targeted to transfer funds.

In this blog, we examine the recent trends of Spear Phishing attacks.

Just consider some of these alarming statistics:

• 77% of the Spear Phishing attacks are laser focused – targeting only 10 E-Mail inboxes, and only 33% of them focused upon just one E-Mail inbox.
• 47% of Spear Phishing attacks lasted less than 24 hours.  All other types of Phishing schemes lasted at least 30 days or more.
• Another tactic that the Cyber attacker uses is what is known as the “Drip Campaign”.  For example, 35% of the Spear Phishing attacks lasted at least 12 months or even longer.
• The Cyber attacker has become even stealthier when it comes to bypassing the E-Mail Spam filters.  In these instances, 20% of Spear Phishing based E-Mails were able to get around these filters, and their way into the inbox.
• 42% of IT Security professionals consider Spear Phishing to be amongst one of the top 3 Cyber-attack concerns.
• At least 30% of the Spear Phishing campaigns are deemed to be successful.
• Compared to a general Phishing campaign, Spear Phishing campaigns are cost 20X per victim, and the return is 40X greater.
• A Cyber attacker will spend an enormous amount of time also trying to find a hidden “crack” or “hole” in the organization in as a stepping stone to collect the relevant information/data on their victim.

So, how is the Cyber attacker so successful when launching these kinds of campaigns?  First, they are consistently sharpening and refining their skills in conducting the research needed in order to launch a laser focused attack.  Second, the Cyber attacker does not rely upon fancy technology in order to execute a Spear Phishing campaign.  Rather, they rely upon the old the old-fashioned techniques of Social Engineering in which to thrust their attacks forward.

The Cyber attacker demonstrates a considerable amount of patience.  For instance, they spend an enormous of time researching their primary target.  They are in no rush to get this task accomplished.  The more accurate the information that they have, the greater the statistical probability that their well-crafted E-Mail will make it through the Spam Filters.

They often rely upon Social Media sites that the individual or even the organization uses.  They try to glean as much contact information as possible.  Also, the use of Internet based background searches is a commonly used tool as well.

Our next blog will examine the specific areas of interest that a Cyber attacker targets in their Spear Phishing campaigns.

1)       https://www.trendmicro.com/vinfo/us/security/definition/spear-phishing