In order to go whaling, cybercriminals study a person’s online profile to determine his or her level in an organization, as well as any information about what might attract that person to click on a targeted phishing email, the study noted.
Whaling is a strategy that is often used by state-sponsored advanced persistent threat (APT) attacks, said Tom Cross, manager of threat intelligence and strategy for IBM X-Force.
Through internet research, “you can begin to build a picture of who works in a company, to whom do they report, and what their roles are. From that picture you might be able to determine who has access to the information you want to steal. Based on that information, you launch a targeted spear phishing attack against an individual with the information you desire”, he told Infosecurity.
The IBM X-Force report gathers information from various intelligence sources within IBM, including its database of computer security vulnerabilities, global web crawler, international spam collectors, and the real-time monitoring of an average of 12 billion security events every day.
Cross identified three major trends in the report. First, the number of mobile exploits is projected by IBM X-Force to double in 2011 compared with 2010. Second, the number of high-profile security breaches increased significantly during the first half of the year. On the positive side, the third trend is an improvement in certain areas of information security.
The report said that mobile phones are an increasingly attractive platform for malware developers and identified two exploitation methods. First, malware distributors can set up premium texting services that charge users that text to a specific number. The malware then sends text messages to those premium numbers from infected phones. Second, some mobile malware is designed to collect end user’s personal information. This data could then be used in phishing attacks or for identity theft.
In addition to APT attacks, recent data breaches have been perpetrated by hacktivists and through anonymous proxies. Hacktivists have been successful in using off-the-shelf attacks techniques, such as SQL injection, to attack companies and governments, the report noted.
In addition, the number of anonymous proxies, which enable cybercriminals to hide their malicious intent, have more than quadrupled compared to three years ago, the report noted. Anonymous proxies are a “way of reflecting your web traffic off of a third party before it goes to the destination website….People who are interested in launching attacks often use anonymous proxies as a way of covering their tracks”, Cross explained.
The report also uncovered some positive security trends. For example, there has been a decline in browser and web application vulnerabilities, as well as a decline in traditional phishing and spam and better security patching.
“In general, there are some signs that we have made some headway against these security problems. These signs are encouraging for those of us who work on security stuff all the time”, Cross concluded.