This is what makes spear phishing attacks so hard to defend against. In the case highlighted by MessageLabs, individuals received e-mails from senders they believed were high-level HR and IT staff in their own company. The e-mails either asked them to open the attachment for security reasons or enticed them to open it by naming it something interesting, like “new_salaries_2011.pdf” or “EmploymentOpportunities.xls,” along with language describing what’s inside them. Once these attachments were opened, a malicious payload was delivered to the victim’s computer.
In the e-mail whose subject line read “securityupdate.zip,” the body further persuaded the recipient that the message was legitimate by deftly dissuading the individual from contacting their IT department.
“If you have any questions please don’t hesitate to contact IT Security personnel by replying to this email,” the e-mail read, “but bear in mind that it might take some time to answer your questions since we are currently applying the fix to all the affected servers to minimize the company’s risk and exposure.”
Overall, MessageLabs finds that more and more cybercriminals are turning to targeted attacks. When such attacks were first discovered five years ago, MessageLabs tracked only one or two per week. In October 2010, the security vendor blocked about 77 targeted attacks per day.
“While targeted emails by nature are sent in low volumes, they are one of the most damaging types of malicious attacks,” said Wood. “We have seen a constant influx of targeted attacks over the past six months with the type of organization targeted changing on a monthly basis and the number of targeted users increasing each month.”
♦ Graphs courtesy of Symantec's "MessageLabs Intelligence October 2010" report