In the discussion of targeted attacks, it is usually taken for granted that they arrived via some sort of spear-phishing attack. The discussion then goes into an analysis of the malware involved and/or the servers used or compromised in the attack.
However, to avoid attacks in the first place, it is of value to look at the spear-phishing attacks themselves. More information about these attacks would allow administrators to consider which emails could pose a security risk, and design their defenses accordingly.
With that in mind, we wrote our paper titled Spear-Phishing Email: Most Favored APT Attack Bait. In addition to looking at the attachments and file types used, we also looked at the industries/sectors that are targeted, and investigated the importance of good reconnaissance in launching targeted attacks.
Among our key findings are just who is targeted by APTs, and how attackers can find them. Just under two-thirds, or 65 percent, of APT campaigns targeted governments. Just over one-third (35 percent) targeted activists.
In addition, we found that a disturbing number of email addresses can be found online rather easily. Three-fourth of all e-mail addresses that were targets of spear phishing could be found online. This indicates that for would-be attackers, it is very easy to build up a “target list” for any spear-phishing campaigns.
For our full findings, you can read our paper, which you can download by clicking the link below: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf