CybersecurityPromoting mistrust: thwarting spear phishing cyber threats

Published 10 January 2013

Information security experts say that the most challenging threat facing corporate networks today is “spear phishing”; generic e-mails asking employees to open malicious attachments, provide confidential information, or follow links to infected Web sites have been around for a long time; what is new today is that the authors of these e-mails are now targeting their attacks using specific knowledge about employees and the organizations they work for; the inside knowledge used in these spear phishing attacks gains the trust of recipients

The e-mail resembled the organization’s own employee e-newsletter and asked recipients to visit a Web site to confirm that they wanted to continue receiving the newsletter. Another e-mail carried an attachment it said contained the marketing plan the recipient had requested at a recent conference. A third e-mail bearing a colleague’s name suggested a useful Web site to visit.

None of these e-mails was what they pretended to be. The first directed victims to a Web site that asked for personal information, including the user’s password. The second included a virus launched when the “marketing plan” was opened. The third directed users to a Web site that attempted to install a malicious program.

A Georgia Tech release reports that all three are examples of what information security experts at the Georgia Tech Research Institute (GTRI) say is the most challenging threat facing corporate networks today: “spear phishing.”

Generic e-mails asking employees to open malicious attachments, provide confidential information, or follow links to infected Web sites have been around for a long time. What is new today is that the authors of these e-mails are now targeting their attacks using specific knowledge about employees and the organizations they work for. The inside knowledge used in these spear phishing attacks gains the trust of recipients.

“Spear phishing is the most popular way to get into a corporate network these days,” said Andrew Howard, a GTRI research scientist who heads up the organization’s malware unit. “Because the malware authors now have some information about the people they are sending these to, they are more likely to get a response. When they know something about you, they can dramatically increase their odds.”

The success of spear phishing attacks depends on finding the weakest link in a corporate network. That weakest link can be just one person who falls for an authentic-looking e-mail.

“Organizations can spend millions and millions of dollars to protect their networks, but all it takes is one carefully-crafted e-mail to let someone into it,” Howard said. “It’s very difficult to put technical controls into place to prevent humans from making a mistake. To keep these attacks out, e-mail users have to do the right thing every single time.”

Howard and other GTRI researchers are now working to help e-mail recipients by taking advantage of the same public information the malware authors use to con their victims. Much of that information comes from social media sites that both

view counter
view counter