Spearphishing – Cybercriminals' New and Improved Attacks Using Metadata

The International Business Times recently reported on the ways cybercriminals are defeating corporate IT security.

First, the new malware being used by attackers is harder to detect. Citing IDC research, the article states, “traditional forms of computer security, including antivirus software and firewalls, are only effective against 30 to 50 percent of the malware found today.”

Second, attackers are becoming far more effective in delivering malware into the enterprise through the use of spearphishing. Instead of sending crudely crafted messages to large numbers of people in the hope that a few will be deceived, in spearphishing the attacker gathers information about the victim and then crafts a personalized email that has a strong call to action for the particular recipient. The article reports that KPMG, as part of its upcoming survey, entitled Forbes 2000, downloaded around 2.5 terabytes of freely available information from the websites of the companies involved in the report. KPMG found that looking at the metadata from the websites provided an incredible amount of personal and sensitive information. Martin Jordan, Director of Information Protection at KPMG, said:

Within the metadata we are taking out usernames, IP addresses, email addresses. This is all the stuff that Russian criminal gangs use when they are spear phishing your CEOs, your head of technology.

While such metadata can be shielded from legitimate search activities by using a robots.txt file to instruct honest search engines not to index the metadata, hackers are not bound by this convention. The metadata disclosed who authored a particular document or press release, giving attackers the username of the head of public relations, for example. Using this information, the attackers are able to target that person directly, seeking sensitive information which they can then sell on to interested parties. The hackers are able to send the targeted person an email with a strong call to action. When the recipient “takes the bait,” malware is installed on the victim’s machine that gives the attackers the ability to install command and control software that can be used to steal data. You can see how this is done by watching the movie posted at Spearphishing – The Movie.
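Because robots.txt does not remove the metadata, the dependable control is to check documents before they are published. The following is an added example, not from the original article or from KPMG: it audits a .docx file (one format chosen here as an assumption) for author fields, email addresses and IP addresses in its metadata parts. The function names and the sample values are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the OOXML core-properties part (docProps/core.xml)
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
IDENTITY_FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def audit_docx(data: bytes) -> dict:
    """Return identity-revealing metadata found in a .docx passed as bytes."""
    findings = {"fields": {}, "emails": set(), "ips": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in (n for n in zf.namelist() if n.startswith("docProps/")):
            text = zf.read(name).decode("utf-8", errors="replace")
            # Free-text scan catches values in any property, not only author fields
            findings["emails"].update(EMAIL_RE.findall(text))
            findings["ips"].update(IPV4_RE.findall(text))
            if name == "docProps/core.xml":
                root = ET.fromstring(text)
                for label, path in IDENTITY_FIELDS.items():
                    node = root.find(path, NS)
                    if node is not None and node.text:
                        findings["fields"][label] = node.text
    return findings


def build_sample_docx() -> bytes:
    """Constructed sample: a package holding only the two metadata parts."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        "<dc:creator>jsmith</dc:creator>"
        "<cp:lastModifiedBy>jsmith@example.com</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    app = r"<Properties><HyperlinkBase>\\192.0.2.10\press</HyperlinkBase></Properties>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_docx(build_sample_docx()))
```

A non-empty result for a file headed to the public website means the metadata should be cleared before upload.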

How can a spearphishing attack be prevented?  What is needed is a method to deprive the attacker of his ability to deceive. Spearphishers deceive by masquerading as trusted senders.  At Iconix we identify trusted senders. Our identification system makes it easy for users to distinguish trusted senders from attackers masquerading as trusted senders.  SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks.  Click here to learn more.  You can contact us at 408-727-6342, ext 3 or use our online form.

