Spear phishing attacks, which target specific people at enterprises with the aim of gaining a foothold in the corporate network, often contain malicious file attachments and are at the core of most targeted attacks, according to a new report.
In an analysis of targeted attack data collected between February and September, Trend Micro found that 91% of targeted attacks involved spear phishing. Malicious file attachments were contained in 94% of emails, according to the report "Spear Phishing Email: Most Favored APT Attack Bait" (.pdf).
The custom malware is usually embedded deep within a document, such as a phony business report, spreadsheet or resume, Trend Micro said. "Employees in large companies or government organizations normally share files via email since downloading materials straight off the Internet is regarded as insecure," the security firm said.
Phishing is at the heart of many publicly reported data breaches, according to a variety of industry studies. A caseload review conducted by Verizon, which served as a preview to the 2012 Verizon Data Breach Investigations Report, noted that social tactics, such as phishing, were tied to over half of all data loss in the 90 breaches investigated by Verizon in 2011.
A computer forensics team also noted recently that a phishing attack sparked the massive South Carolina data security breach, but it is unclear whether it was a spear phishing attack or a run-of-the-mill phishing campaign that gave a lucky attacker account credentials for the state's sensitive databases. Last year, spear phishing was the technique used by the attacker in the U.S. Chamber of Commerce breach. China-based hackers are believed to have carried out the attack.
Enterprises most at risk
The Trend Micro report found that .exe files are no longer popular among cybercriminals, since most enterprises filter out the file type with email filtering technology. The most abused file type: .RTF files, according to the report. Rich Text Format (RTF) is harder for organizations to block, because it is used to exchange text files between Microsoft Word and other programs and operating systems.
Government agencies and activist groups are most at risk of a spear phishing attack, according to the report. The public nature of the employees in the two sectors makes it easy for an attacker to find victim email addresses and target them with a convincing email containing a malicious file attachment. Companies in the heavy equipment, aviation and aerospace, and financial industries are also at an elevated risk level.
Experts advocate user education, tighter social media policies, strong antimalware and email filtering technologies to mitigate the risk posed by spear phishing attacks. Employees can also undergo spear phishing drills to test the effectiveness of education.