Over 90 Percent of Targeted Attacks start with Spear Phishing Emails
Companies must improve email security with better threat detection and superior “custom” defenses, urges Trend Micro
Marlow UK, 28th November 2012 – A staggering 91 percent of targeted attacks begin with a spear phishing email, according to new data collected by global security leader Trend Micro between February and September this year.
Spear phishing is an increasingly common form of phishing that makes use of information about a target to make attacks more specific and “personal”. These attacks may, for example, refer to their targets by their specific name, rank, or position instead of using generic titles as in broader phishing campaigns.
The end goal is to trick the victim into either opening a malicious file attachment or clicking a link to a malware- or an exploit-laden site, starting a compromise within the victim’s network.
According to the report, “Spear Phishing Email: Most Favored APT Attack Bait,” 94 percent of targeted emails use malicious file attachments as the payload or infection source. The remaining 6 six percent use alternative methods such as installing malware through malicious links.
"We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve”, said Rik Ferguson, director of security research and communications at Trend Micro. “Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks. We have also seen that targeted attacks are evolving and expanding. The abundance of information on individuals and companies makes the job of creating extremely credible emails far too simple. It's a part of a custom defence that should not be ignored."
Notable highlights from the report:
- The most commonly used and shared file types accounted for 70 percent of the total number of spear phishing email attachments during the monitored time period. The main file types were: .RTF (38 percent), .XLS (15 percent), and .ZIP (13 percent). Alternatively, executable (.EXE) files were not as popular among cybercriminals, most likely because emails with .EXE file attachements are usually detected and blocked by security solutions.
- The most highly targeted industries are government and activitist groups. Extensive information about government agencies and appointed officials are readily found on the Internet and often posted on public governement websites. Activitist groups, highly active in social media, are also quick to provide member information in order to facilitate communication, organise campaigns or recruit new members. These habits elevate member profiles, making them visible targets.
- As a result, three out of four of the targeted victims’ email addresses are easily found through web searches or using common email address formats.
Trend Micro offers “first line of defense” email security against spear phishing attacks
Organisations must be able to detect and block spear phishing attempts as their first line of defense against targeted attacks. As part of its Custom Defense against APTs launch in October, Trend Micro bolstered its suite of email security solutions to not only stop traditional threats, but also to identify highly targeted, acute email attacks.
Unlike standard email security solutions that are unlikely to detect spear phishing emails associated with APTs, Trend Micro’s email security products automatically send suspicious attachments to Deep Discovery for analysis in customer-defined sandboxes and block spear phishing emails in-line. Beyond email threat detection and protection, Deep Discovery automatically issues custom security updates to other security layers throughout the organisation’s network. Moreover, it correlates local findings with Trend Micro’s global threat intelligence - to offer security teams valuable info on the nature and extent of the attack, and who is behind it. This custom insight enables organisations to better respond and protect against further attack.
Trend Micro’s email security products that are equipped with spear phishing protection include:
- Trend Micro™ ScanMail™ for IBM™ Lotus™ Domino 5.5 – available now
- Trend Micro™ ScanMail™ for Microsoft™ Exchange 10.2 SP2 – available at end of December
- Trend Micro™ InterScan™ Messaging Security 8.2 SP2 – available at end of December
About Trend Micro
Trend Micro Incorporated (TYO: 4704), a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, businesses and governments provide layered content security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. Leveraging these solutions, organizations can protect their end users, their evolving data center and cloud resources, and their information threatened by sophisticated targeted attacks.
All of solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™, and are supported by over 1,200 threat experts around the globe.