Spear phishing attacks directed at businesses are multiplying and are now one of the biggest threats businesses face. But what is spear phishing, and what are the risks for businesses? The cybersecurity world is full of terms that often remain rather obscure, and spear phishing is undoubtedly one of them. For anyone working in an enterprise at any level, however, "targeted" phishing represents a very real danger. Knowing its characteristics and the risks it poses is critical to protecting your business systems.
What is phishing: a computer scam targeting credentials
The term phishing is now quite common and well-known. Phishing attacks, in short, are computer scams that aim to steal credentials (username and password) using e-mail messages that somehow "lure" victims to websites controlled by the attackers. The key element of phishing is that the attackers impersonate someone else to draw their victims to the malicious site. Techniques vary depending on the goals of the cyber criminals. In the most common cases, the attackers use websites that are copies of legitimate ones, with the aim of inducing users to enter the credentials they use to access online services; this strategy is normally adopted to target online banking services. In other cases, the message simply aims at diverting the victim to a website that hosts malicious code and can compromise the visitor's computer by installing malware. This second strategy usually relies on e-mails with attractive content, such as coupons or freebies that appear to be offered by well-known companies.
Definition of spear phishing: a targeted cyber attack
In the cases mentioned above, fraudsters target a wide audience, using spam campaigns via e-mail or social networks to cast as wide a net as possible. Spear phishing, by contrast, is an extremely targeted attack. It is no coincidence that this technique is primarily used by highly specialized cybercriminal groups, who mainly target businesses and organizations. Instead of using a generic (and usually rather implausible) bait such as discounts, promotions or gifts, spear phishing attackers carefully plan their action, tailoring messages to the specific target. The least elaborate technique involves impersonating a party in the company's industry, such as a regulator or a potential supplier or customer. The attack vector can vary: in addition to links to malicious sites, attackers use files of various formats attached to the message, "disguised" to look like administrative documents or to contain information that may be of interest to the victim. Some criminals, however, adopt even more elaborate techniques.
Spear Phishing and Privacy
When high-profile targets such as company executives or CEOs are singled out, attackers often adopt an even more devious strategy, using content related to the victim's hobbies and personal interests as bait. To do this, they usually mine social networks and any information available on the Web, such as interviews or public speeches given by the person they intend to target. In short, they exploit any element that can make the message more "appealing" and induce the victim to make the fateful click that compromises the computer and, in turn, yields the credentials that grant access to corporate services and resources.
What are the consequences of spear phishing for companies?
While the attack technique is well defined, the consequences vary depending on the modus operandi of the attackers. In some cases, the stolen information is used to carry out elaborate scams against the company: for example, wire transfers may be requested in the name of senior executives (so-called CEO fraud), or payments for genuine invoices may be redirected to fraudulent bank accounts set up by the attacker for that specific attack. In other cases, the stolen information is exploited by cyber criminals to gain access to the company's systems, either to carry out outright sabotage of the computer systems or for industrial espionage. In any case, the consequences for the company are always extremely serious.
How to defend against spear phishing
E-mail analysis tools can provide an effective barrier not only against phishing, but also against its "personalized" variant.
Thanks to the use of artificial intelligence algorithms, it is possible to identify the suspicious elements that characterize a spear phishing message.
Another element that helps identify potentially malicious e-mails is the domain used by the sender.
Spear phishing techniques, in fact, often rely on e-mail addresses whose domain closely resembles that of a legitimate party, for example by adding or substituting a few letters inside the domain name.
By using threat intelligence systems, it is possible to detect the registration of such look-alike domains at an early stage and block spear phishing messages that use them.
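As an added illustration of the look-alike domain check described above (example code written for this page, not a product or tool the article refers to), the following Python script compares the domain of each sender address against a constructed allow-list of domains the organization legitimately corresponds with. It folds common digit-for-letter and "rn"-for-"m" substitutions and then measures the edit distance, so that both letter insertions (exampple.com) and substitutions (examp1e.com) are flagged, while genuine subdomains of trusted domains pass. The domain names, sender addresses and distance threshold are all assumptions chosen for the example.

```python
"""Flag sender domains that look like a trusted domain but are not it.

Added example for this article; all domains and addresses below are
constructed for illustration.
"""
from email.utils import parseaddr

# Constructed allow-list of domains the organisation really deals with.
LEGIT_DOMAINS = {"example.com", "example-corp.com", "supplier.example"}

# Digit-for-letter substitutions commonly used in look-alike domains.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "9": "g",
})


def normalize(domain: str) -> str:
    """Lower-case a domain and fold common visual substitutions.

    The folding is lossy, but it is applied to both the sender's domain and
    the trusted domains, so the comparison stays symmetric.
    """
    d = domain.lower().strip(".").translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_part(domain: str) -> str:
    """Keep the last two labels (simplification: ignores multi-label TLDs)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()


def assess_sender(address: str, legit_domains=LEGIT_DOMAINS, max_distance: int = 2):
    """Classify one From address.

    Returns (verdict, matched_trusted_domain, edit_distance) where verdict is
    "legitimate", "lookalike" or "unrelated".
    """
    _, addr = parseaddr(address)          # strips any display name
    domain = addr.rsplit("@", 1)[-1].lower().strip()
    if domain in legit_domains:
        return ("legitimate", domain, 0)
    for legit in legit_domains:           # genuine subdomains are fine
        if domain.endswith("." + legit):
            return ("legitimate", legit, 0)
    norm = normalize(registrable_part(domain))
    best = None
    for legit in legit_domains:
        dist = levenshtein(norm, normalize(registrable_part(legit)))
        if best is None or dist < best[1]:
            best = (legit, dist)
    if best is not None and best[1] <= max_distance:
        return ("lookalike", best[0], best[1])
    return ("unrelated", None, None)


def scan_headers(from_headers, legit_domains=LEGIT_DOMAINS):
    """Return (header, trusted_domain, distance) for every look-alike sender."""
    flagged = []
    for hdr in from_headers:
        verdict, match, dist = assess_sender(hdr, legit_domains)
        if verdict == "lookalike":
            flagged.append((hdr, match, dist))
    return flagged


# Constructed From headers standing in for a day's worth of inbound mail.
SAMPLE_FROM_HEADERS = [
    "cfo@example.com",                      # trusted
    "billing@mail.example-corp.com",        # subdomain of a trusted domain
    '"CEO" <ceo@examp1e.com>',              # digit substitution
    "accounts@exampple.com",                # inserted letter
    "ceo@exarnple.com",                     # rn-for-m substitution
    "news@unrelated-vendor.net",            # not similar to anything trusted
]

if __name__ == "__main__":
    for hdr, trusted, dist in scan_headers(SAMPLE_FROM_HEADERS):
        print(f"LOOKALIKE  {hdr!r:40} resembles {trusted} (distance {dist})")
```

Running the script prints the three constructed look-alike senders and nothing for the trusted addresses or the unrelated vendor. In practice the trusted list would be fed from the organization's own contact data, and a "lookalike" verdict would route the message to quarantine or a warning banner rather than silently dropping it, since edit distance alone cannot distinguish a typosquat from a legitimately similar third-party name.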