‘Spear-Phishing’ Attacks Keep on Giving by Kim Zetter

Oct 26, 2010

Report: ‘Spear-Phishing’ Attacks Keep on Giving
By Kim Zetter, October 26, 2010, 3:49 pm

The number of targeted phishing attacks against individuals has risen dramatically in the last five years from one or two a week in 2005 to more than 70 a day this month, according to a new report from computer security firm Symantec.

The industry most recently hardest hit by so-called spear-phishing attacks is the retail industry, according to Symantec’s MessageLabs Intelligence report. The number of attacks against retail exploded in September in particular, jumping to 516 attacks from just seven attacks a month for the rest of 2010.

The statistics are somewhat skewed, though, since most of the September attacks against retail were directed at a single company. Symantec counts each copy of a malicious e-mail received by an organization as a unique attack, even if it’s the same e-mail sent to multiple people at the same time. But the report illustrates that, five years after its invention, spear-phishing remains a trusted tool in the modern cyber criminal’s arsenal.

Unlike regular phishing attacks, which involve spamming a message to random users, spear-phishing targets specific individuals or small groups of employees at specific companies. The former are generally designed to steal banking credentials and e-mail passwords from users, while the latter generally focus on gaining access to a system to steal intellectual property and other sensitive data.

Spear-phishing attacks generally come disguised as e-mails that appear to come from trusted sources, such as a company manager or the company’s information technology department. They might contain a malicious attachment or a link to a malicious web site that the recipient is encouraged to click on to obtain important information about a company matter.

Once a recipient clicks on the link, his browser is directed to a malicious site, where malware is downloaded surreptitiously to his computer. The malware allows an attacker to control the victim’s computer remotely and steal log-in information for banking accounts or for protected internal company systems.

Spear-phishing is the tactic that hackers used to gain access to the internal networks of Google and about 30 other companies late last year. In those attacks, the hackers were able to root deep into the corporate networks to steal source code and other intellectual property.

Five years ago, spear-phishing targets included government entities, defense contractors, pharmaceutical and multi-national companies. Over the last year, smaller businesses have been targeted, with the likely intent of finding weak links in a supply chain, Symantec writes in its report. Usually between 200 and 300 organizations are targeted each month, with the specific industries varying.

The 516 retail attacks that Symantec recorded in September went to six organizations, but Symantec writes in its report that only two of these organizations appeared to be the main target of the attacks. One organization, which Symantec won’t name, received 325 of those attacks, targeted at 88 employees. The attack came in three waves on September 15, 22 and 29 in the form of spoofed e-mails that appeared to come from executives in the company’s human resources and information technology departments. One e-mail contained an attachment purporting to be a confidential salary list; another e-mail that appeared to come from the company’s assistant vice president of human resources came with an attachment purporting to contain a list of new job openings at the company as well as information about the company’s “new bonus plan.”

“We want you to remember that a person referred by an employee will always have more chance of being hired,” the e-mail read.

The third e-mail came from the company’s IT security department with the subject line “Fwd: Critical security update” and a note that read in part, “we need your help to maintain the security of our network infrastructure.”

All of the spear-phishing e-mails came from two IP addresses — one in Argentina, the other in the U.S. — and contained grammatical and spelling mistakes.

Sep 16.09 | Web server attacks, poor app patching make for nasty mix

Jump in site hacks, lazy Adobe, Sun, Apple program patching to fuel online threats
By Gregg Keizer
September 15, 2009 03:44 PM ET

Jul 02.09 | Heartland breach cost $12.6 million, CEO says

By Robert Westervelt, News Editor, 07 May 2009

Heartland Payment Systems Inc. said it was experiencing losses this quarter as a direct result of a massive data breach it disclosed in January when investigators discovered a malicious program sniffing credit card data passing through its systems.

Apr 20.09 | RBS, Heartland no longer PCI compliant

By Dan Goodin in San Francisco • Posted in Security, 13th March 2009 21:40 GMT

Visa on Friday alerted the world that RBS WorldPay and Heartland Payment Systems are not on its list of payment card processors who are in good standing with industry-mandated standards for data security.

The move follows announcements by both companies that they experienced data breaches that exposed details for a large number of credit cards to criminal hackers. RBS said the security lapse exposed 1.5 million cards. Heartland has yet to say how many cards were affected.

Sep 30.08 | FAQ: Clickjacking -- should you be worried? Nearly all browsers are vulnerable to this new attack class, but details are scarce!

Jul 25.08 | Credit-card fraud probe targets Pearson's self-service kiosks

An investigation of suspected credit-card fraud at Toronto's Pearson airport is now concentrating on the security of its 150 self-service check-in kiosks.


Moneris’ new eSELECTplus® payment tool will be used with Wylie’s Web site so organizations can easily accept electronic contributions and purchases online

Jan 18.08 | Silent Banker Trojan..Banking in Silence

Beware the Silent Banker Trojan which sits quietly between your computer and your online banking to steal away payments. It can silently change the user-entered destination bank account details to the attacker's account details instead.

Jan 14.08 | November 6, 2007 92 Convio Clients Hit In Security Breach

Firm says no financial data was accessed
By Mark Hrywna, The NonProfit Times

