TMCnet News

Over 90 Percent of Targeted Attacks start with Spear Phishing Emails
[November 28, 2012]

Over 90 Percent of Targeted Attacks start with Spear Phishing Emails


Nov 28, 2012 (M2 PRESSWIRE via COMTEX) -- A staggering 91 percent of targeted attacks begin with a spear phishing email, according to new data collected by global security leader Trend Micro between February and September this year.

Spear phishing is an increasingly common form of phishing that makes use of information about a target to make attacks more specific and "personal". These attacks may, for example, refer to their targets by their specific name, rank, or position instead of using generic titles as in broader phishing campaigns.



The end goal is to trick the victim into either opening a malicious file attachment or clicking a link to a malware- or an exploit-laden site, starting a compromise within the victim's network.

According to the report, "Spear Phishing Email: Most Favored APT Attack Bait," 94 percent of targeted emails use malicious file attachments as the payload or infection source. The remaining 6 six percent use alternative methods such as installing malware through malicious links.


"We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve", said Rik Ferguson, director of security research and communications at Trend Micro. "Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks. We have also seen that targeted attacks are evolving and expanding. The abundance of information on individuals and companies makes the job of creating extremely credible emails far too simple. It's a part of a custom defence that should not be ignored." Notable highlights from the report: The most commonly used and shared file types accounted for 70 percent of the total number of spear phishing email attachments during the monitored time period. The main file types were: .RTF (38 percent), .XLS (15 percent), and .ZIP (13 percent). Alternatively, executable (.EXE) files were not as popular among cybercriminals, most likely because emails with .EXE file attachements are usually detected and blocked by security solutions.

The most highly targeted industries are government and activitist groups. Extensive information about government agencies and appointed officials are readily found on the Internet and often posted on public governement websites. Activitist groups, highly active in social media, are also quick to provide member information in order to facilitate communication, organise campaigns or recruit new members. These habits elevate member profiles, making them visible targets.

As a result, three out of four of the targeted victims' email addresses are easily found through web searches or using common email address formats.

Trend Micro offers "first line of defense" email security against spear phishing attacks Organisations must be able to detect and block spear phishing attempts as their first line of defense against targeted attacks. As part of its Custom Defense against APTs launch in October, Trend Micro bolstered its suite of email security solutions to not only stop traditional threats, but also to identify highly targeted, acute email attacks.

Unlike standard email security solutions that are unlikely to detect spear phishing emails associated with APTs, Trend Micro's email security products automatically send suspicious attachments to Deep Discovery for analysis in customer-defined sandboxes and block spear phishing emails in-line. Beyond email threat detection and protection, Deep Discovery automatically issues custom security updates to other security layers throughout the organisation's network. Moreover, it correlates local findings with Trend Micro's global threat intelligence - to offer security teams valuable info on the nature and extent of the attack, and who is behind it. This custom insight enables organisations to better respond and protect against further attack.

Trend Micro's email security products that are equipped with spear phishing protection include: Trend Micro(TM) ScanMail(TM) for IBM(TM) Lotus(TM) Domino 5.5 -- available now Trend Micro(TM) ScanMail(TM) for Microsoft(TM) Exchange 10.2 SP2 -- available at end of December Trend Micro(TM) InterScan(TM) Messaging Security 8.2 SP2 -- available at end of December The full report, "Spear Phishing Email: Most Favored APT Attack Bait," is available here .

More information on targeted attacks in this video .

About Trend Micro Trend Micro Incorporated ( TYO: 4704 ; TSE: 4704 ), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro(TM) Smart Protection Network(TM) cloud computing security infrastructure, our products and services stop threats where they emerge -- from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Additional information about Trend Micro Incorporated and the products and services are available at TrendMicro.co.uk . Or follow our news on Twitter at @TrendMicroUK .

((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to [email protected].

[ Back To TMCnet.com's Homepage ]