In terms of cybersecurity, spear phishing has been around pretty much from the beginning as an attack. The reason it has had stamina to last as long as security attackers have been around is very simple: It works.
Along those lines, Europol’s European Cybercrime Centre (EC3) published a strategic report on spear phishing, reflecting the views of law enforcement and private industry on one of the most prevalent cyber threats currently affecting organizations across the EU.
Spear phishing is the practice of targeting specific individuals within an organization or business for the purposes of distributing malware or extracting sensitive information. As reflected in this year’s Internet Organized Crime Threat Assessment (IOCTA), spear phishing is the number one attack vector and enabler for the vast majority of cybercrimes.
“In March 2018, the leader of the organized criminal group behind the Carbanak and Cobalt malware, causing over EUR 1 billion in losses for the financial services industry, was arrested by the Spanish National Police in an international, European Cybercrime Centre (EC3)-coordinated operation,” the report said. “Having started their criminal activities in late 2013, the group targeted ATM networks and financial transfers around the world by sending spear phishing emails with malicious attachments to bank employees. Responsible for up to €10 million per heist, the arrest of the group’s leader was hailed as a significant success for law enforcement in one of the most high-profile investigations into cybercrime targeting the financial services industry to date.”
The report continued, “The Carbanak/Cobalt case is significant for two reasons. First of all, the modus operandi employed by this group provides a fitting reflection on the way sophisticated, and highly targeted spear phishing attacks are used by organized criminal groups to carry out various cybercrimes. Second, the investigation did not only involve successful cross-border cooperation between several law enforcement agencies, but also direct involvement of the private sector. The European Banking Federation, through their vast network of partners, provided intelligence, which turned out to be critical for the investigation of the gang and the eventual arrest of its leader.”
Europol added the private sector’s role was important, not only in this investigation, but in the fight against cybercriminals in general. Not only does the private sector hold much of the evidence of cybercrimes, but private party reporting of fraudulent transactions, information on criminal networks and data breaches are among the most effective measures to prevent and investigate cybercrime.
“One year after the arrest made in Spain, spear phishing is still one of the most common and most dangerous attack vectors seen by both, law enforcement and industry,” the report said.
The report is the result of a two-day meeting with the European Cybercrime Centre’s 70 key industry partners from Internet security, telecommunications and financial services. The Joint Advisory Group Meeting, which took place March 26 – 27, gathered representatives from industry and law enforcement at Europol’s headquarters in The Hague to discuss what can be done to help mitigate this type of crime.
The report highlights the role of spear phishing as the main attack vector for cybercriminals and contains the methods criminals use to deceive the target (among others, emails coming from trusted accounts, malicious attachments or links to fraudulent websites). Moreover, the document collects conclusions and recommendations for organizations on how to effectively combat this threat on a technical, educational, as well as operational level – enforcing security policies, implementing artificial intelligence and raising public awareness on the topic.
At the same time, the report highlights some of the challenges related to information-sharing and the investigation of spear phishing attacks. A collaboration effort with law enforcement and the private sector should be done collectively.
“Spear phishing is a major enabler of some of the most serious forms of cybercrime, especially ransomware, and can cause real harm to European citizens and organizations,” said Steven Wilson, head of Europol’s European Cybercrime Centre. “We can only tackle a threat of this scale effectively by working closely with key partners from across industry. The EC3 Advisory Groups and this report are a reflection of our ongoing cooperation to tackle the threat from cybercrime.”
Click here to download the report.