Are these new phishing attacks targeting your business?

Phishing attacks are nothing new to the business user.

Emails promising the riches of Nigerian princes. Poorly-worded messages asking you to click on a provided link. Desperate calls for help that tug at the heartstrings.

Traditionally, these phishing tactics have relied on social engineering, allowing them to get a foothold within a protected network perimeter. For the most part, these old-style phishing attacks have little effect on the savvy business user and have little chance of making it through state-of-the-art network security.

But, as users and IT protections have gotten more sophisticated, so have the phishing attacks.

Spear-phishing vs. long-lining

Spear-phishing, which first started appearing about five years ago, and its more recent incarnation of phishing attacks, known as long-lining, are types of phishing attacks that are much more personalized and targeted at specific businesses or institutions. These attacks do a much better job of presenting themselves as legitimate emails, usually in the form of properly-formatted and spell-checked messages from other departments within an organization, or as clones of official emails from trusted external organizations, like a bank. In many cases, the goals of these attacks are very specific: compromise security to obtain proprietary information that can be used for explicit gains.

Unlike a broad-based phishing attack, these more sophisticated approaches appear to come from people or groups that the recipient would normally respond to, such as people up the chain of command or IT security groups within the organization. The messages also don’t contain payloads that would trigger scanner software or average security measures. Links within the messages appear to be correct, and, in fact, may well be.

Complete, spoofed copies of vendor sites may be built, with the goal of getting the user to go to the site and enter information that will compromise security, preferably without them realizing it.

Who’s being targeted?

Users operating outside of the company firewall are very susceptible to these types of attacks. Reports from various security firms show that as many as 20 percent of successful spear-phishing attacks come through computers infected while external to their corporate network, and then spread their attack once brought inside the protected perimeter.

What are phishing attacks after?

The new generation of attackers may no longer be interested in getting malware on to their targets’ computers. Rather, they may simply be mining for usernames, email accounts and passwords, in order to get access to information that will bring them indirect financial gain. In a report from late 2014, the security company FireEye outlined the activities of a group called FIN4, which involved accessing confidential information from more than 100 companies in the financial, pharmaceutical and healthcare industries in order to manipulate the market for financial gain.[1]

Phishing attack technology

Unfortunately, phishing attacks are growing beyond simple social engineering attempts, regardless of how cleverly targeted. A software tool called Wifiphisher, as reported in Security Week, allows for an automated software attack that reroutes authentication information by jamming legitimate wireless access points.[2] While this tool is still in its infancy, and requires that users ignore warnings that connection information has been changed, it shows a future direction that malicious attacks on your network may take.

Attacks are happening all the time. Recently, a new vulnerability was discovered in Internet Explorer 11. As reported in Computerworld, this new vulnerability made phishing attacks much easier, and allowed user accounts to be hijacked by exploiting a flaw in the web browser.[3]

Your information is one of your most valuable assets. Make sure you’re doing everything you can to protect it.