Spear phishing attacks have always targeted victims with precision; however, they are now becoming even more “laser-focused,” researchers said.
That is because attackers are aiming campaigns at a small number of inboxes belonging to the victim organization, according to a report released by Israel-based anti-email phishing solutions provider IRONSCALES.
The company reviewed data from 500,000 inboxes belonging to more than 100 of its customers over 12 months. An evaluation of 8,500 emails that bypassed spam filters showed 77 percent of attacks targeted 10 inboxes or fewer, and one-third of malicious messages targeted only one inbox.
That led researchers to believe attackers have been targeting fewer inboxes as this can help their operation stay under the radar longer, and it increases their chances of success if the emails are “hyper-personalized.”
The IRONSCALES study showed 65 percent of email phishing attacks lasted for up to one month, and nearly half of them lasted less than 24 hours. Of the campaigns that went on for more than 30 days, roughly one-third spanned 12 months or more.
Researchers noticed attackers have increasingly aimed blast campaigns, which are not tailored to the recipient, at fewer than 10 mailboxes at a time.
On the other hand, malware drip campaigns, which are more personalized, are more successful at bypassing traditional spam filters and they typically last longer.
According to the report, nearly 95 percent of phishing emails were part of highly targeted campaigns involving messages that impersonated someone from within the organization. Phishing emails that spoof a popular brand name are less common, as they are more likely to be caught by spam filters; IRONSCALES noted that for every five brand-spoofing attacks detected by spam filters, 20 spear-phishing emails went undetected.
The most targeted departments are operations and finance, and the most frequently spoofed brands are DHL and Google.