In a blog entry posted today, Patrik Runald of Websense writes, “What is Scaring Businesses the Most? Spear-phishing.” The post explains the difference between high-volume spam email and the social engineering used to create highly targeted emails.
The post describes a spearphishing technique in which the attackers use clever timing of different cyberattack tools to defeat cyber-defenses:
A typical attack of this type would have the bad guy doing the following:
- Find a URL that can be easily compromised… but do nothing at that time. Leave it ‘as is’ for now.
- Craft an email that will not trigger spam, AV or other security measures based on its content, but include links to the currently ‘safe’ URL. Since they typically pretend to be something legitimate, it is best to simply copy a legitimate message… and only change one link to the ‘safe’ URL.
- Send the email over the weekend, or late at night, so email defenses will approve the email and deliver it into the user’s mailbox.
- Just before you believe employees will begin accessing email, compromise the URL and install that part of the attack strategy.
Evasion techniques like these help when hackers are going for the big game – spear-phishing employees with access to a specific network or data or whale phishing, the targeting of executives at companies.
Websense suggests a three-part defense against spearphishing:
1. Employee Education
2. Email Sandboxing
3. Real-time analysis and inspection of your web traffic
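
The timing gap described above is why the third measure matters: a delivery-time verdict only covers the page as it looked when the mail arrived. The sketch below is an added example, not code from Websense or Iconix. It re-checks a mailed link at click time and holds it for a fresh scan when the page has changed. The record schema, the action names, the 07:00-19:00 window and all sample data are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Delivery:                 # constructed schema: one row per mailed link
    msg_id: str
    url: str
    delivered_at: datetime
    scan_sha256: str            # page fingerprint recorded by the delivery-time scan

def fingerprint(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

def off_hours(ts: datetime) -> bool:
    # Weekend or outside 07:00-19:00 (assumed window): when the post says such mail is sent.
    return ts.weekday() >= 5 or not (7 <= ts.hour < 19)

def click_time_check(url: str, current_body: bytes, deliveries: list):
    """Decide what to do when a user clicks a mailed link.

    If the page differs from what the delivery-time scan saw, the old 'clean'
    verdict no longer applies: hold the link for a fresh scan, with priority
    when the mail arrived off-hours. Benign pages change too, so a mismatch
    triggers a rescan, not a block. Returns (action, msg_ids to re-examine)."""
    now = fingerprint(current_body)
    stale = [d for d in deliveries if d.url == url and d.scan_sha256 != now]
    if not stale:
        return "allow", []      # unchanged page, or not a mailed link
    urgent = any(off_hours(d.delivered_at) for d in stale)
    return ("rescan-priority" if urgent else "rescan"), sorted(d.msg_id for d in stale)

# Constructed sample data: page bodies, URLs and delivery records.
PAGE_AT_DELIVERY = b"<html>supplier invoice portal</html>"
PAGE_AT_CLICK = b"<html>supplier invoice portal <!-- altered later --></html>"
URL_A = "https://supplier.example/invoice"
URL_B = "https://partner.example/news"
CLEAN = fingerprint(PAGE_AT_DELIVERY)
DELIVERIES = [
    Delivery("m1", URL_A, datetime(2024, 3, 2, 23, 10), CLEAN),   # Saturday night
    Delivery("m2", URL_A, datetime(2024, 3, 3, 2, 40), CLEAN),    # Sunday, early morning
    Delivery("m3", URL_B, datetime(2024, 3, 5, 10, 15), CLEAN),   # Tuesday, business hours
]

if __name__ == "__main__":
    for url, body in [(URL_A, PAGE_AT_DELIVERY), (URL_A, PAGE_AT_CLICK), (URL_B, PAGE_AT_CLICK)]:
        print(url, click_time_check(url, body, DELIVERIES))
```

The returned message IDs identify every delivered copy that carries the same link, so they can be re-examined along with the one that was clicked.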
With these measures, Websense estimates 95%+ effectiveness. At Iconix we believe that this is good advice, but you need to do more to drive down the 5% gap. Employee education can be augmented with a tool that makes employees more effective at avoiding deceptive emails. Spearphishers deceive by masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342, ext 3 or use our online form.