Longline Phishing

proofpoint has just released a whitepaper describing the latest innovation in APT cyberattacks — longline phishing.

proofpoint describes the latest innovations that attackers are using to ply their craft.  In order to evade cyber defenses, the APT cyberattacker has three objectives:

  1. Maintain low volume attacks to evade detection.
  2. Customize the attack to optimize victim response.
  3. Deliver unique malware to evade malware defenses.

In order to accomplish these three objectives, historically the attackers had to devote significant effort to each attack.  That effort imposed a cost/volume trade-off on the attackers.  Describing longline phishing, proofpoint observes:

… today’s advanced phishing tactics may have overcome the cost/volume trade-off. Borrowing tactics from cloud computing and database marketing, attackers are now engaging in industrial-scale phishing attacks that leverage sophisticated customization and delivery techniques.

proofpoint concludes that in longline phishing, the attackers accomplish all three attack objectives — on an industrial scale.

  1. Low Volume.  A single targeted enterprise sees only a very small number of emails, but many companies are targeted at the same time.  Thus, tens of thousands of messages can be sprinkled over many organizations without any one of them detecting a pattern.
  2. Customization.  The attack emails rotate spoofed sending addresses, embedded URLs and message text to optimize the deception.
  3. Unique Malware.  The payloads exploit unpatched security holes and employ polymorphic malware, so signature-based defenses do not recognize them.

proofpoint reviews why existing security defenses are ineffective against this approach and concludes that firms must use big data techniques, correlating low-volume signals across many organizations, to apply additional security measures to suspicious emails.
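The cross-organization correlation that makes longline campaigns visible, shown as an added defender-side illustration that is not code from the proofpoint whitepaper or from Iconix: it pools inbound mail metadata from several hypothetical organizations, masks the rotating parts (sender, host, serial numbers), and surfaces templates that stay below a per-organization threshold yet recur across many organizations. Organization names, senders, subjects and URLs are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample feed: inbound mail metadata pooled from four hypothetical
# organisations. Senders and URL hosts rotate per message, but the subject
# wording and the URL path shape repeat across organisations.
SAMPLE_EMAILS = [
    {"org": "orgA", "sender": "billing@ap-notices.example", "subject": "Invoice 48213 overdue: payment required", "url": "http://pay-portal-1.example/inv/9f3a1c7e"},
    {"org": "orgA", "sender": "accounts@pay-desk.example", "subject": "Invoice 50077 overdue: payment required", "url": "http://pay-portal-2.example/inv/b12e99aa"},
    {"org": "orgB", "sender": "ar@invoice-center.example", "subject": "Invoice 31904 overdue: payment required", "url": "http://secure-pay-7.example/inv/0c4d5e6f"},
    {"org": "orgC", "sender": "finance@remit-now.example", "subject": "Invoice 77120 overdue: payment required", "url": "http://pay-portal-9.example/inv/deadbeef"},
    {"org": "orgD", "sender": "billing@ap-notices.example", "subject": "Invoice 61551 overdue: payment required", "url": "http://remit-4.example/inv/0011aabb"},
    # Benign: an internal newsletter, high volume but confined to one organisation.
    *[{"org": "orgA", "sender": "news@orga.example", "subject": f"All-hands update {i}", "url": f"https://intranet.orga.example/news/{i}"} for i in range(10)],
    # Benign: a vendor notice seen in only two organisations.
    {"org": "orgB", "sender": "support@vendor.example", "subject": "Release notes 4.2", "url": "https://vendor.example/notes/4.2"},
    {"org": "orgC", "sender": "support@vendor.example", "subject": "Release notes 4.2", "url": "https://vendor.example/notes/4.2"},
]


def fingerprint(email):
    """Template-level key that survives rotated senders, hosts and serial numbers:
    digits in the subject become '#'; long hex runs and digits in the URL path are masked."""
    subject = re.sub(r"\d+", "#", email["subject"].lower())
    path = re.sub(r"[0-9a-f]{6,}", "<hex>", urlparse(email["url"]).path, flags=re.I)
    path = re.sub(r"\d+", "#", path)
    return (subject, path)


def find_longline_campaigns(emails, min_orgs=3, max_per_org=2):
    """Return {fingerprint: {org: count}} for templates that stay at or below
    max_per_org in every organisation yet reach at least min_orgs organisations
    in total. Run on a single organisation's mail this yields nothing, which is
    exactly the blind spot longline phishing relies on."""
    by_fp = defaultdict(lambda: defaultdict(int))
    for e in emails:
        by_fp[fingerprint(e)][e["org"]] += 1
    return {fp: dict(orgs) for fp, orgs in by_fp.items()
            if len(orgs) >= min_orgs and max(orgs.values()) <= max_per_org}


if __name__ == "__main__":
    print("single-org view:", find_longline_campaigns([e for e in SAMPLE_EMAILS if e["org"] == "orgA"]))
    print("pooled view:", find_longline_campaigns(SAMPLE_EMAILS))
```

The thresholds are assumptions for the sample; in practice they would be tuned to the tenant population and the fingerprint would include more features than subject and path shape.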

At Iconix we agree with proofpoint.  The attackers are clever.  Cyber defense requires that organizations implement many layers of security.  A key layer in that security is the email recipient — the human.  Your personnel will receive malicious emails.  Your security hangs in the balance when an employee decides to click a link or open an attachment.  Telling employees to avoid suspicious emails is good advice, but the attackers know that guidance too — that is why cyberattackers use social engineering to craft emails that do not look suspicious.  IT must intervene in the email processing decision.  That is the role of SP Guard.  Using SP Guard, IT can determine a list of trusted senders and provide this information to staff at the moment the person is deciding whether to click or pass.  In the SP Guard environment, staff can easily distinguish a trusted HR email from a spoofed HR email.

You can contact us at 408-727-6342, ext. 3 or use our online form.
