Research conducted by Proofpoint found that the “Media Spear Phish” approach is highly effective – it comes in as the No. 1 most dangerous email attack. An intriguing and real-life media story is sent to specific employees appearing to come from someone within the organization as a recommendation. The link sent is to a valid news site, though the webpage has been compromised with a malware infection.
The “Breaking News Longline,” where a large real-life news story is used by hackers, is the No. 2 most effective approach, according to the study. Here, exclusive information on an event is sent via email to employees. The link in the email appears to be to a genuine site running the news; however, employees are actually sent to a malicious malware-infected page.
In a recent example of this, following the Boston Marathon bombings, attackers carried out one of the largest malware phishing campaigns seen to date. Some 28.7 million messages were sent from 249,257 IPs using just 46 domains.
Payment longline emails, meanwhile, come in at No. 3, preying on the fear of employees. Customers receive details of orders they hadn’t actually placed from trusted sources, setting off a panic reaction. Fear of compromised accounts motivates users to share personal information to verify. Credit card attack emails in particular elicit a 24% click rate within organizations, Proofpoint found.
Watering hole attacks are effective too; hackers initially compromise legitimate sites to gain access to its systems, targeting a site they know employees regularly visit. Attackers then use targeted emails to encourage employees to visit the affected pages, resulting in them being infected with malware.
In the No. 5 position is the “Social Network Longline” attack, where credible sources such as LinkedIn are used by hackers to prey on the desire of users to grow their network. Businesses receive a small volume of emails per attack with aggressive obfuscation and customization techniques, making them hard to detect.
Email attacks are even tougher for IT teams to get their arms around thanks to an increasingly mobile workforce. “Today’s mobile and remote working habits also mean that nearly one in five clicks on malicious URLs happen off-network, bypassing traditional security controls such as web gateways, IDS and firewalls,” said EMEA Director at Proofpoint, Mark Sparshott. “Hackers know security teams are struggling to bridge the ‘off-network security gap’ and so often prey on this area by sending emails on a Friday evening knowing that some of their targets, particularly senior employees, diligently check their emails over the weekend.”
The stakes are of course higher than ever. “Research into disclosed breaches shows that 66% go undiscovered for months, with the average hacker spending eight months on a victim’s network before being discovered,” Sparshott concluded. “Disclosing breaches to the ICO and affected individuals is a requirement today. However, the lack of visibility that in-house security teams have means that 63% of breaches are disclosed by third parties instead, typically via the press which is particularly damaging on goodwill and customer confidence. Whilst the No. 1 focus should be prevention, early detection of successful breaches should not be far behind in the list of priorities."