When one thinks of spear phishing, the first image to jump to mind typically isn’t that of a hacker. However, spear phishing emails are an attack technique that cybercriminals have been leveraging for quite some time now. Due to the approach’s ease of infiltration, spear phishing emails continue to pose a threat to individual and business users.
But what exactly is involved with this attack style and how can organizations better protect themselves against this security risk? Let’s take a look at spear phishing and how users can guard against the targeted threat.
What are spear phishing emails?
According to a Trend Micro whitepaper, Spear-Phishing Email: Most Favored APT Attack Bait, spear phishing is a cyberattack technique that is “highly targeted phishing aimed at specific individuals or groups within an organization.” Due to the pinpointed nature of this threat, spear phishing emails typically contain very particular, personal information about a person or department to entice the user to open the message. Whereas more expansive phishing attacks only include a generic title, spear phishing emails name the target specifically, or contain their specific rank or title within their company.
Trend Micro noted that spear phishing messages are commonly utilized as part of an advanced persistent threat, leveraging a specialized email aimed at the chosen victim. As opposed to wider attacks aimed at an entire organization, spear phishing leverages the fact that the target will likely open an email addressed to them personally. Hackers will sometimes further encourage the victim to engage by attaching a document that appears authentic.
“Spear phishing significantly raises the chances that targets will read a message that will allow attackers to compromise their networks,” Trend Micro stated.
Conventionally, the targets of spear phishing APT attacks have been individuals in large enterprises and government agencies. However, as a wider range of organizations store increasingly sensitive information within their networks, they become more attractive marks for cybercriminals. This can include non-corporate and non-government groups like activist and international organizations. Trend Micro found that the most-targeted industries for spear phishing included the heavy equipment, aviation, financial and aerospace sectors.
The malware component
Once the user has been coaxed into opening and reading the spear phishing email, the hacker leverages the platform to infect the network with malware. This gives the attacker access to the group’s infrastructure, enabling them to snoop and steal sensitive information to be used for malicious and fraudulent purposes.
Trend Micro researchers found that the vast majority – 94 percent – of spear phishing messages utilize legitimate-looking attachments for malware infection. Others use the emails to encourage victims to click malicious links and download infected files through webmail exploits. Whatever attack vector is leveraged, however, the end result is the same – the victim is tricked into providing an infection opportunity to hackers.
How can spear phishing attacks be avoided?
There are a number of strategies that organizations can leverage against spear phishing attacks, not the least of which is understanding the threat itself. When group members are educated about the risk that such messages can pose, they can better protect themselves and their institution from infection.
Staff members should know to look out for any suspicious emails, including those being transmitted from unfamiliar senders. If an individual does open a message of this kind, they should take care not to open any attached documents or links contained in the email as these likely contain malware.
ProofPoint also suggested utilizing an email protection solution that can monitor the platform for malicious messages of this kind.
“Dynamic malware analysis that can analyze the destination websites for malicious behavior and simulate a real user system such that evasive techniques built into malware can be countered, driving the malware to reveal itself in a sandboxed environment,” ProofPoint noted.
In addition, Norton advised safeguarding personal information while online to reduce the number of details cybercriminals can leverage for a scam. For instance, users can take a look at their social media activity to ensure that their posts aren’t giving away too much about them.
“Take a look at your online presence,” Norton suggested. “How much information is out there about you that could be pieced together to scam you? And always remember: Don’t give up too much personal information online, because you never know who might use it against you.”