Despite the ubiquitous cyber security technologies and services organizations employ, the unfortunate fact is that email-borne cyber threats still get through. The most prevalent email-based technique that hackers are currently using is the well-known and well-proven tactic of phishing, in which attackers devise clever ways of posing as trustworthy entities to extract sensitive personal information from their victims. Spear phishing takes this to the next level by personalizing elements of attacks using customized information about their victims that may be publicly available or obtained through illicit means. It’s a growing and deeply troubling threat, as attacks get more sophisticated and invasive.
Still, the term spear phishing falls short of describing totally unique events, each one among the millions that occur across the global IT infrastructure. At Glasswall, we’re seeing a troubling increase in this kind of attack, which evades all of the other prevention technologies an organization may have in place (prior to reaching our FileTrust defense level). What we’re seeing is so insidious and precise that we’ve created a new threat category for it – evasive spear phishing – which we define as one unique malicious file being sent from one unique actor to one unique recipient and which eludes the typical cyber defenses organizations employ.
Such a specialized attack involves intense reconnaissance and intelligence-gathering, so that the attack can be delivered with surgical precision. Malicious actors are realizing that large-scale deployment of the same malware is getting less effective, with a growing army of cyber security analysts ready, willing and quickly able to halt attackers’ ability to generate cash. So, they now put serious focus on upfront efforts to ensure success.
Register for our upcoming Evasive Spear Phishing webinar, featuring Lewis Henderson, Glasswall’s head of threat intelligence and analytics, and Kurt Natvig, principal research scientist at Forcepoint Innovation Labs, discussing specifics of these attacks.
Users who are the targets of these attacks are more likely to unintentionally start a malicious process simply because the harmful emails and document attachments they are sent are utterly convincing as legitimate business communications. We’ve seen a variety of examples, from fake invoices to voicemail notifications, and even a cunning technique in which a foreign-language document asks the reader to ‘click to enable Google Translate’ and uses a very familiar brand logo.
Looking at our directly gathered Threat Intelligence data, collected from analyzing over 25 million emails, we’re seeing some trends emerge for this type of attack. For one, attackers are leveraging everyday file formats. Forty-three percent of attacks we’ve seen so far have been in .PDF files, and 35% were in Microsoft Binary format (’97-’03) – yes, many people are still allowing these high-risk files to enter their organization via email. The files sent contained highly specific content related to the company and individual people who were the targets of the attacks. Certain industries are the largest targets – information technology manufacturers (particularly software developers) being the biggest, at just shy of 50% of attacks; the Legal sector comes in at half that, and others follow.
We invite you to review Part 1 of our Threat Intelligence Bulletin, which discusses our findings about evasive spear phishing in more detail. Part 2, written in partnership with Forcepoint, who also recognize the emergence of this new threat, will present details on specific evasive spear phishing examples. Expect that report shortly.
Download Glasswall’s Threat Intelligence Bulletin on the new threat of Evasive Spear Phishing.