Too many businesses today underestimate the dangers of spear phishing, and fail to realise it is one of the top threats enterprises face today, and one that often results in devastating losses, both financial and in terms of reputation.
“Businesses who want to protect themselves from this scourge need to develop a layered defence to fight these highly targeted attacks quickly and effectively,” says Simon Campbell-Young, CEO of First for Phoenix.
He says a comprehensive approach to fighting phishing is a combination of staff education and training, and some technology solutions specifically designed to pinpoint and route out the characteristics of spear phishing.
“Cyber criminals are growing increasingly sophisticated, employing various techniques to breach the corporate network. Of all the techniques that they are using today, highly targeted spear phishing emails are more than likely the most dangerous and the most difficult to stop.”
He says this is largely because email is a common and trusted form of business communication.
“Employees are vulnerable because they are used to receiving multiple emails from various suppliers, third-party partners, and of course, friends. Why would they suddenly be suspicious of an email that appeared to be the genuine article? The reason these attacks work is because they do defy all but the very closest examination.”
According to Campbell-Young, this is compounded by the fact that traditional security tools do not detect attacks of this nature. “Most attacks are identified via already established indicators of compromise, for example domains of known spammers and hackers, email links to malicious sites, or dodgy executable attachments.
“These targeted attacks usually initiate with an attacker designing a unique email aimed at a target individual or group of individuals in the enterprise being eyed by the villains. The most likely targets include members of the IT or finance departments, executives and sales staff.”
The emails will includes personal titbits and usually seem to come from a trusted partner, vendor, colleague or friend. “The emails contain no indicators of compromise, and as such, pass through the anti-malware tools and sandboxing detection technologies of conventional defences, increasing their chances of being opened.”
He says spear phishing attacks are highly targeted and tailored to be undistinguishable from the ‘Real McCoy’. “They come from domains specifically formed for the purpose, with unique messaging crafted through clever social engineering. Too often, there are no suspicious attachments or links to click on, that might give away their devious plans.”
Let’s face it, he says, they work. “Several of the most high-profile breaches we’ve seen over the past few years, including JPMorgan Chase, Target and eBay, all happened because employees fell foul of spear phishing techniques.”
However, there are tools available to prevent these attacks from being successful, he adds. “There are solutions that employ threat intelligence and add heuristic analysis and behavioural learning techniques that can pinpoint dangerous emails before they become a problem. And without having to depend on signatures or other known indicators of compromise. In addition, there’s now insurance available to cover companies in the event that they do suffer the consequences of a breach.”