Spear phishing campaigns are more sophisticated: Symantec

Cyber-criminals are getting better at using targeted attack methods and strategic planning to break into the digital data vaults of major corporations, according to Symantec Corp.

Last year set a record both in terms of the total number of data breaches and the total number of customer records that were compromised, the security vendor reports in its latest Internet Security Threat Report. There was a 62 per cent rise in data breaches in 2013 over the year before, for a total of 253 reported breaches.

There were also eight breaches that exposed more than 10 million identities each last year, compared to just one breach of that size in 2012. In total, more than half-a-billion identities were breached in 2013, including financial account details, birth dates, addresses, phone numbers, email addresses, login information, and more.

“The big numbers are driven by the last quarter of the year where we had big breaches all around the Christmas shopping season,” says Kevin Haley, director of security response at Symantec. “We’re seeing a certain amount of patience in saying ‘we’re going to get into the big retailers and wait until the optimal time of the year.'”

The methods used by hackers to extract information from a large corporation also hints at growing maturity. One form of targeted attack known as “spear phishing” involves a degree of social engineering where an attacker learns specific information about a target and uses it to compose fraudulent messages asking for information, or as a trojan horse to infect their computer with malware.

In 2013, 39 per cent of targeted spear-phishing attacks were sent to large enterprises of more than 2,500 employees. Thirty-one per cent targeted medium-sized firms and 30 per cent targeted SMBs.  While the total number of spear phishing emails sent dropped in 2013 compared to 2012 – to 83 per day from 116 per day – the number of spear phishing email campaigns rose by 91 per cent. Those campaigns targeted a more honed group of people and lasted three times longer than the previous campaign.

Modern digital marketers will be familiar with “drip” email campaigns that consist of a series of messages sent to a prospective customer over time, designed to pique their interest and ultimately convert them to a lead. Now it seems the underworld is cluing in to the same techniques. Rather than flood a user with messages over one or two days, the messages are sent over a longer period to try and avoid drawing too much attention to an attack campaign.

Screen Shot 2014-04-07 at 4.51.08 PM

“The hackers are being more efficient,” Haley says. “Instead of sending 100 messages into an organization and hoping someone falls for the attack, they’re targeting one or two people in the organization and working to convince them.”

In one particularly clever attacked, dubbed “Francophoned” by Symantec, cyber-crooks would send an infected file attachment through email to a company’s accounting department. Then the attackers followed up by calling the department and saying there was some urgency to paying the invoice, asking the worker to open the infected file.

Spear phishing has been around for several years as an attack method, so users are starting to clue in, Haley says. Technology blocking the messages has also improved, so attackers have are stepping up their game to succeed with their attacks.

With so much success for attacks of this sort in 2013, it’s likely 2014 will see a lot of imitation attacks, Haley says. Businesses should take a good look at their security policies to protect against spear phishing.

If you’re wondering how to spot the messages, here’s some common words used in spear phishing campaigns that Symantec distilled into a word cloud:

Screen Shot 2014-04-07 at 4.51.34 PM

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca/
Former editorial director of IT World Canada. Current research director at Info-Tech

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now