Crn21 1200 300.jpeg

Spear phishing key in latest security threats

Advanced persistent threats are mostly about contact-based spear phishing, finds Stefanie Hoffman

Targeted attacks and advanced persistent threats (APTs) make a strong, if not regular, showing in news headlines. They're the most sophisticated, stealthy and dangerous threats on the security landscape.

But they don't just appear on users' networks. They have help from users who click on links and open attachments in spear phishing emails. In fact, research by Trend Micro reveals spear phishing is the key ingredient in 91 per cent of targeted attacks.

Now Trend is hoping to use its findings to boost the October launch of its Custom Defense for APTs offering and other future releases to gain further ground in enterprise markets.

But the research suggests the channel has room to reintroduce email security apps that can be bolstered with security best practice around social network and email platforms.

In the report, "Spear Phishing Email: Most Favoured APT Attack Bait", the Tokyo-based security firm emphasises that some of the most destructive APT and malware attacks begin at a point of contact - typically an email from someone the victim knows.

The message entices the user to open a malicious file or click on an infected link that kicks off an exploit to compromise the users' computers or network.

Also according to the report, 94 per cent of targeted emails use malicious attachments as the delivery mechanism.

The most commonly used and shared file types - including RTG, XLS and ZIP - account for 70 per cent of the total number of spear phishing email attachments.

The most targeted industries were government and activist groups, while three out of four victims' email addresses were found through Web searches or common email address formats.

The reason for the disproportionate reliance on spear phishing is simple: as a messaging vehicle, email is being supplanted by social networking, SMS and other, more immediate forms of communication.

Large companies and government organisations still share reports, business documents and resumes via email with the perception that downloading materials off the internet is a security risk.

For the channel, this means there's room in the mature email security market to stay relevant by introducing solutions that nab increasingly sophisticated threats.

Phishing itself isn't a new threat, with decades of roots in mail fraud and email-based 419 scams. But its derivative, spear phishing, has gained traction with cybercriminals using social networking, online phone books and other sites to craft personalided e-mails targeting specific individuals.

Typically those individuals are at high levels or with access to critical information.

Since then, spear phishing has been the gateway to some of the most notorious malware attacks, including the APT attack that compromised RSA SecureID tokens believed to be sourced to cybercriminals in China.

It's likely Trend Micro is ramping up efforts around advanced threat research to set the stage releases that make dents in security intelligence markets.

Efforts appear to be underway. In October, the firm launched its custom defence, which employs business intelligence and analytics to detect and analyse APTs.

Days later, Trend followed up with advanced email security releases that touted APT and targeted-threat capabilities.

The recent serial launches indicate the firm is attempting to keep its neck above water in this space. But it has stiff - and often relentless - competition from Kaspersky Lab and others in advanced threat protection arenas.

Stefanie Hoffman is US West Coast editor and senior associate at ChannelNomics

As part of our special editorial partnership, CRN is publishing this recent article from Channelnomics.