To users, spear phishing emails may seem like innocent requests for information or other forms of benign contact, potentially appearing to even come from a person or company a user is friendly or familiar with. But for attackers, spear phishing emails are most often the best way to get the keys to the kingdom.
\nMost people are familiar with phishing \u2013 an attempt to obtain user credentials, financial data, or other sensitive information by emulating a legitimate email communication. The information gathered can be sold on the black market, or used directly for theft, further fraud, or in some cases, blackmail.
\nSpear phishing, on the other hand, is a type of targeted phishing in which an attacker first researches the target individual or company to increase their chance of success. Because this allows the attacker to appear more trustworthy as a legitimate business entity, users are less suspicious. This added level of comfort represents a much greater threat than untargeted, mass spam or phishing emails.
\nIn fact, a recent study conducted by Vanson Bourne (sponsored by SecureItlab), 300 firms in the US and UK reported that 38% of cyber attacks in the past 12 months came from spear phishing.
\nIn the past two years, many of the highest profile and most damaging data breaches have started with attackers getting into networks via a successful spear phishing email. This form of entry applies to both for profit attacks as well as state-sponsored hacks on government targets and private businesses.
\nTo illustrate the seriousness of spear phishing threats, here, in no particular order, are top ten targeted security breaches that began with spear phishing:<\/p>\n
In 2015, Kaspersky Labs released a report detailing attacks against up to 100 banks worldwide by an unknown group of cybercriminals. Kaspersky claimed that the banks suffered financial losses of $2.5 million to $10 million per bank, for a total of up to $1 billion USD. The attackers used spear phishing emails containing weaponized .doc (Microsoft Word) and .cpl (Microsoft Control Panel) files to execute a backdoor called Carbanak. This allowed the attackers to perform reconnaissance that eventually led to access to money processing services. Information from 76 million customers and 6 million businesses was exposed when an employee\u2019s credentials were stolen and used to access an older server that lacked two-factor authentication. This breach continues to be tied to ongoing criminal activity like pump and dump stock scams. Following the breach, the bank announced it would increase spending on cybersecurity by $250 million and dedicate a 1,000 person IT team to security. A \u201csmall number\u201d of employee credentials were compromised, resulting in 145 million user records being stolen. eBay was criticized for having sensitive data in one location and unencrypted. Stolen data did not include credit card or other financial information, so while the eBay users may have been subject to spam or phishing attempts after their contact information was stolen, there was no direct financial risk to eBay itself, aside from the negative publicity. Forty million credit cards and 70 million other records, including customers\u2019 email addresses and phone numbers, were compromised after credentials were stolen from an HVAC firm that did business with Target. The firm had remote access to Target\u2019s network, and the attackers used this to install malware on Target\u2019s point-of-sale payment systems. Experts estimate that the hackers sold the 1-3 million credit cards for $18-35 each, making $54 million from the heist. The company lost $46.7 million due to CEO spoofing (also known as the \u201cbusiness email compromise\u201d), in which the attacker impersonates a ranking executive via email and authorizes a wire transfer to an account owned by the attacker. Ubiquiti later tracked down and recovered $8.1 million through legal actions in various countries. The Chief Accounting Officer resigned. Eighty million records were stolen from the country\u2019s second largest health insurer, including social security numbers and patient records \u2013 both valuable, high-priority assets for attackers. While credit card numbers sell for $0.50-$1 each in underground markets, social security numbers, which can be used for tax return fraud or other forms of identity theft, may sell for as much as $30 each. Medical records can sell for $50-$100 each. The attack vector is unknown, but Anthem called it \u201ca very sophisticated external cyberattack.\u201d Internal documents, financial records, unreleased motion pictures, and private, revealing emails were leaked by what were believed to be North Korean state-sponsored actors upset by the release of The Interview, a movie which depicts the assassination of North Korean leader Kim Jong-un. Employees\u2019 personal information and 47,000 social security numbers were also stolen, and malware was used to cripple Sony\u2019s network. Access was obtained with a combination of spear phishing using fake Apple ID verification, public LinkedIn information, and users using the same password for multiple accounts. A Russian group, responsible for several other high-profile attacks and believed to be a state-sponsored actor, used spear phishing emails to collect credentials, gain access to a trusted network, and overheat a blast furnace at a steel mill in Germany, causing significant physical damage. Experts believe a second ThyssenKrupp plant in Brazil may also have been attacked. More than 21 million U.S. federal employees had their personnel files exposed, including many with high level security clearances. Many reports attributed the attack to state-sponsored hackers connected to the Chinese government. China denies the charges but in late 2015announced it had arrested some of (allegedly) \u201ccivilian\u201d hackers. In addition to personnel files, copies of more than 5 million employees\u2019 fingerprints on file were also stolen. In the fall of 2014, Russian actors, possibly state-sponsored, used spear phishing to obtain access into the State Department and from there leapfrogged into an unclassified, but still sensitive, White House system that gave Russian actors access to email sent to and from President Obama. This forced a partial shutdown of the White House email system and caused further disruption of the State Department email system. To users, spear phishing emails may seem like innocent requests for information or other forms of benign contact, potentially appearing to even […]<\/p>\n","protected":false},"author":120,"featured_media":463,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[31],"tags":[],"class_list":["post-88","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-phishing"],"_links":{"self":[{"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/posts\/88","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/users\/120"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/comments?post=88"}],"version-history":[{"count":2,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/posts\/88\/revisions"}],"predecessor-version":[{"id":2726,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/posts\/88\/revisions\/2726"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/media\/463"}],"wp:attachment":[{"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/media?parent=88"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/categories?post=88"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tikaj.com\/wp-json\/wp\/v2\/tags?post=88"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nNotable for<\/em>: The largest recorded cyberheist in history, the Carbanak attack was noteworthy for its coordinating attackers (aka \u201cmules\u201d) who waited at pre-arranged times at ATMs as the cash machines spit out millions
\nOn average, it took from two to four months to extract money from each victim bank, starting from the Day 1 of infection to cash withdrawal. The average amount taken from each bank was between $2.5 and $10 million each.<\/p>\n\n
\nIndustry:<\/strong><\/em> <\/strong>Banking<\/strong><\/li>\n<\/ul>\n
\nNotable for<\/em>: \u201cProfessional\u201d approach to spear phishing: the instigators ran a 200 person firm. Also notable was the fact that federal officials found the culprits and charged and arrested two of the three known kingpins in Nov. 2015.<\/p>\n\n
\nIndustry:<\/strong><\/em> <\/strong>eCommerce<\/strong><\/li>\n<\/ul>\n
\nNotable for<\/em>: One of the biggest data breaches in history, the eBay attack caused a short term decline in volume for eBay\u2019s merchants and the company\u2019s stock price and longer term damages to the company\u2019s brand and reputation.<\/p>\n\n
\nIndustry:<\/strong><\/em> <\/strong>Retail<\/strong><\/li>\n<\/ul>\n
\nNotable for:<\/em> The devastating and very public impact to the company\u2019s reputation, bottom line and senior management. The story made headline news around the globe. Profits for the quarter dropped 46%. The company spent a minimum of $148 million in direct, breach related costs. Credit card companies paid $200 million to replace 21 million compromised cards (according to the Consumer Bankers Association and the Credit Union National Association). Both the CTO and CEO were summoned to testify before Congress about the breach. Both also resigned.<\/p>\nFor Profit Attacks \u2013 Spear Phishing \u2013 Wire Fraud<\/strong><\/h2>\n
\n
\nIndustry:<\/strong><\/em> <\/strong>Technology<\/strong><\/li>\n<\/ul>\n
\nNotable for<\/em>: The largest known case of wire fraud from spear phishing to date.<\/p>\nState-Sponsored Attacks \u2013 Businesses<\/strong><\/h2>\n
\n
\nIndustry:<\/strong><\/em> <\/strong>Health Care<\/strong><\/li>\n<\/ul>\n
\nNotable for<\/em>: The attack has been widely attributed to state-sponsored hackers from China. Recent reports have concluded that the attack took place because the Chinese government wanted to understand how the U.S. healthcare system worked. Although the Chinese government was the prime suspect; later, Chinese officials arrested civilian hackers.<\/p>\n\n
\nIndustry:<\/strong><\/em> <\/strong>Entertainment<\/strong><\/li>\n<\/ul>\n
\nNotable for:<\/em> Hundreds of theaters refused to show the film, limiting its release to a small number of theaters and online video rental services.
\nOne of the company\u2019s chairmen resigned. Employees filed a class action lawsuit seeking damages for the loss of their privacy.<\/p>\n\n
\nIndustry:<\/strong><\/em> <\/strong>Manufacturing<\/strong><\/li>\n<\/ul>\n
\nNotable for<\/em>: one of the earliest known cyber attacks that successfully crippled infrastructure.<\/p>\nState-Sponsored Attacks \u2013 Governments<\/strong><\/h2>\n
\n
\nIndustry:<\/strong><\/em> <\/strong>Government<\/strong><\/li>\n<\/ul>\n
\nNotable for<\/em>: Exposing the Office of Personnel Management\u2019s weakcybersecurity practices. The head of the agency, a political appointee, was summoned to testify before Congress and subsequently resigned from her position. In addition, American spies operating in China were forced to abandon their posts, after their covers were blown from the hack.<\/p>\n\n
\nIndustry:<\/strong><\/em> <\/strong>Government<\/strong><\/li>\n<\/ul>\n
\nIn the summer of 2015, in a similar intrusion Russian actors used spear phishing to obtain access to an email system used by the Pentagon\u2019s Joint Staff, forcing it to be taken offline and \u201ccleansed.\u201d The intrusion enabled the attackers to see unclassified emails of the Joint Chiefs of Staff. The attack on the Joint Chiefs and the Joint Staff caused the Defense Dept. to shut down email service for 10 days, affecting 4,000 employees.
\nNotable for<\/em>: Both attacks are being investigated by the FBI and Secret Service, and are considered by officials to be among the most sophisticated attacks ever launched against U.S. government systems.<\/p>\n","protected":false},"excerpt":{"rendered":"