What Trend Micro’s research means for organizations

Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution.

Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.

Cyber Monday phishing scams could affect the workplace

If you’re like me, then the idea of fighting the midnight crowds on Black Friday holds limited appeal, even if it means getting an 80% discount on a big screen TV. But thanks to Cyber Monday, people can get ridiculous deals without peeling themselves away from their computers – or offices.

Presidential Phishing Scams: Examining Voter Vulnerability

With emotions running high during election season, an email with the name Romney or Obama in the subject line could make even an experienced user click on a malicious link. Spammers are taking advantage of the Presidential election buzz and using malware-laden emails to target users. Many of these emails don’t have any visible consequences, so users may not even realize when malware is infiltrating their personal computers or mobile devices. But what about the potential danger this malware can bring into your workplace from these spear phishing scams?

Breaking the Myths of Social Engineering

Last week, a Washington Post article by Robert O’Harrow offered an interesting look at the most common attack vector used by cybercriminals to penetrate enterprises today: spear phishing. While we applaud (loudly) the thrust of the article – that enterprises need to educate users on the dangers of spear phishing – there are some very real challenges in user education that the article does not address.

LinkedIn password leak: What it means for phishing

Spoiler: LinkedIn password leak: What it means for phishing?  Answer:  Not Much!

When people talk to us about phishing, they often want to know “What’s next in phishing? What else are you seeing?”

This gets asked a lot, and is one of my least favorite questions because the truth is, email based spear phishing works as-is It has no reason to evolve right now.

Anatomy of a vulnerability based spear phishing attack

Anatomy of a vulnerability based phishing attack
This week SC Magazine named  the Chrome vulnerabilities the Threat of the month.  So, how would an attacker use this vulnerability in a spear phishing scam you ask?

They know their audience

Advanced threats know who they want to target, it doesn’t matter that your Skype handle is @kukubunga998 – they know you work for the organization they are targeting.  They also deduce (the same way a marketer does) that you are a Chrome user, or that you have it installed for some reason or another.  They know that your organization is big on BYOD but still has IE 9 as it’s default browser (ie. they may not be paying attention to Chrome).

They set the trap

It could be “Critical Chrome Update required”, or “Click here to view the best new twitter app” or “best new home brew formulas” – again they know you, the email will be crafted to you, not to the person in the cube next to you.

You respond

You follow the link, phew you are using IE!  Do you really think they didn’t think about this already?  The page says “We’re sorry, our application only works with Google Chrome, please reopen this page in Google Chrome or click here to download it”.  You do as instructed because it is Google Chrome, the best and most secure browser on the interwebs, right?  Poof – you’re owned, best part is that you don’t know it – they follow through on the promise that the email made, you are none the wiser and now you, your personal data, and your organization’s data are at risk.

Seems a bit too easy, right?  Protect yourself, protect your customers and protect your organization – knowledge is power (Sir Francis Bacon).

2011 – The year of spear phishing And spear phishing

spearphish vs spearphish

spear phish vs. spear phish

An odd title for a blog post but something that has been on my mind for a while now. We get a fair amount media requests for comments or perspective on phishing stories.  This is a good thing. It’s nice to have recognition in your field. Of course 2011 was no shortage of phishing related news. (What’s up RSA, I’m looking at you. I’ve noticed you frequent our website a lot. How about a demo. Couldn’t hurt?)

Spear Phishing with Password Protected Zip Files

The Slashdot headline this morning reads: Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms

What is it about? Simple, the poison ivy trojan wrapped in a password protected ZIP file so it can get past filtering.  Symantec has an excellent analysis of these attacks in a paper titled: The Nitro Attacks: Stealing Secrets from the Chemical Industry by Eric Chien and Gavin O’Gorman.  You can read the entire paper here.

The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in the email. This extra stage is used to prevent automated systems from extracting the self-extracting archive.”

Packing malicious code into ZIP file and including the password in the body of the email is fairly common spear phishing technique that has been going on for quite some time.  In fact, we have specific training about this tactic available at PhishMe. Here is a small snip from our training about password protected ZIP files:

By now you may be aware of spear-phishing emails that contain malicious attachments.  We have technology in place that scans email looking for malicious attachments, but it’s not foolproof.  In this cat-and-mouse game, the bad guys are always looking for new ways to get past our safeguards.
One technique they use is placing the malicious attachment inside of a password protected ZIP file. It works like this:  the attacker zips the malicious file, then puts the password for the ZIP file in the body of the email. They do this because they know our email security tools can’t see what is inside the protected ZIP file.
 
Existing PhishMe customers:  If you haven’t gotten the message out to your people about spear phishing using password protected ZIP files, login to you account and check it out.
 

Future customers:  You could be using our award winning solution right now to train people about this exact tactic.

stay safe,

Aaron Higbee

Current events: How news exposes your company to spear phishing attacks

Like many high-profile events, the passing of Apple’s co-founder and former CEO, Steve Jobs, has initiated a slew of new phishing attacks that are designed to play on recipients’ emotions about the event.  Steve Jobs and Apple themed phishing campaigns are in the wild but more concerning are the spear phishing attacks targeting iPhone usersPhishMe understands how these events can adversely affect our customers therefore we have released a new phishing simulation theme designed to train susceptible users on how to identify and avoid current event based attacks.

-Scott