Spear phishing: Don't be a target
Al Berg
03.16.2006
Rating: --- (out of 5)
|
Picture this: While reviewing their morning e-mail, every executive in your organization finds a message in their inbox outlining a business proposition and a zip file attachment that further explains how the project will benefit everyone involved. The executives should definitely open the attachment to learn more about this amazing offer, right? Not so fast. If they open the attachment, it will release a Trojan program that will infect their computers and scour their hard drives for documents, spreadsheets, e-mails and other private files of interest to the sender. Worse yet, their computer will be equipped with keystroke loggers and "screen scrapers" which will provide the sender with a record of everything that they type and read. By now, it should be obvious that the sender is a competitor bent on stealing business secrets.
While this attack sounds fictitious, it already happened. In May 2005, the press exposed a scandal in Israel in which large, well-known companies used Trojan horse programs to spy on their competitors. Unfortunate as it was, this incident gives security professionals a window into a new, more dangerous type of cybercrime known as the targeted attack. Using techniques that phishers have adapted to steal relatively low-value information, such as usernames and passwords from individuals, these new, more sophisticated attackers seek out high-value information, such as confidential documents, and usernames and passwords for internal systems. Some industry pundits have coined this technique "spear phishing."
Spear phishers target companies of all types and sizes. However, because news stories and press releases usually divulge detailed information that can be used to craft a convincing e-ma
To continue reading for free, register below or login
To read more you must become a member of SearchEnterpriseDesktop.com
il, companies with a major news presence may be most at risk. On the contrary, it is important to remember that in this age of Google, spear phishers can easily find enough information to craft a convincing come-on.
Less-sophisticated spear phishers often use ready-made Trojan programs to launch their attacks. Organizations with robust, multi-level AV and antispyware defenses (at the perimeter and the desktop) will be able to deflect these targeted "spears." Serious spear phishers, on the other hand, are harder to stop. They typically use spyware to solicit a targeted attack and customized spears that do not trigger perimeter and desktop alarms. Unfortunately, we should expect to see an increase in these attacks because toolkits have made the production of customized Trojans easier and cheaper.
So, what's an information security practitioner to do? Here are three steps you can use to reduce spear phishing attacks:
In the 1930s, a newspaper asked John Dillinger why he kept robbing banks. "Because that's where the money is," the outlaw replied. Today's outlaws have realized that money is found in the computers of corporate executives. Spear phishing is their weapon and infosec practitioners need to be prepared to handle these targeted attacks.
About the Author
Al Berg, CISSP, CISM is the Director of Information Security for Liquidnet (www.liquidnet.com). Liquidnet is the leading electronic venue for institutional block equities trading. According to INC. magazine in 2004, Liquidnet was the fastest growing privately held financial services company in the US and the 4th fastest growing privately held company in the US across all industries.
This tip originally appeared on SearchSecurity.com.
|
|
|
|
|
|
