Just over 90 percent of cyber attacks begin with a spear phishing email, according to Trend Micro.
Spear phishing is growing form of attack that makes use of information about a target to make attacks more specific and “personal.”
These attacks may, for instance, refer to their targets by their specific name or job position, instead of using generic titles like in broader phishing campaigns.
The goal of a spear phishing attack is to trick the victim into either opening a malicious file attachment or clicking a link to a malware- or an exploit-laden website, which could compromise the victim’s network.
According to a Trend Micro report 94 percent of targeted emails use malicious file attachments as the payload or infection source. The remaining six percent use alternative methods such as installing malware through malicious links.
“We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve,” said Rik Ferguson, director of security research and communications at Trend Micro. “Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks.”
Ferguson said the abundance of information on individuals and companies online makes the job of creating extremely credible emails very easy.
The most commonly used file types for spear phishing attacks accounted for 70 percent of them. The main file types were .RTF (38 percent), .XLS (15 percent) and .ZIP (13 percent).
Executable (.EXE) files were not as popular among cybercriminals because emails with .EXE file attachments end up detected and blocked by security systems, Trend Micro said.
The most highly targeted industries for spear phishing were government and activist groups, the research found. Information about government agencies and appointed officials is all over on the Internet and often posted on public government websites.
Because activist groups are highly active in social media, and are also quick to provide member information — in order to facilitate communication, organize campaigns or recruit new members — member profiles are highly visible targets.
Trend said 75 percent of email addresses for spear phishing targets come through web searches or using common email address formats.
If firms are going to tackle spear phishing they’ll need to make sure they have the right protection in place though. One form of protection, antivirus software, is sometimes very weak at detecting new malware threats.
In one study, security firm Imperva team ran a collection of 82 new malware files through the VirusTotal system that checks files against around 40 different antivirus products, finding the initial detection rate was zero.