Kaspersky Lab summit: phishing is evolving as hackers get better and people are more easily caught out

News by Dan Raywood

Targeted attacks are being better exploited by cyber criminals as tactics improve.

Targeted attacks are being better exploited by cyber criminals as tactics improve.

Speaking at Kaspersky Lab's Security Analyst Summit in Cyprus, enior security researcher at Kaspersky Lab., Stefan Tanase, claimed that social engineering attacks are often successful, as the writers of phishing attacks are using online tactics to better their chances of success.

Asked if language specific phishing emails were an issue, he claimed that these were a problem in the consumer market, but as typical '419' type attacks use online translation services to be language specific they are more likely to be opened.

He said: “There is also geographical targeting which can extract the IP address for social engineering attacks. There was an example of an attack where a message said that a bomb had exploded near you and they use that to gain trust. They will also use information from social networking sites such as hobbies and interests to make better social engineering stories.

“We are seeing exploits on Twitter with trending topics and on Google with blackhat search engine optimisation where they are using Google Trends and keywords on their sites to get better rankings.

“You can create this around the system. Twitter has an API and this is usually a good thing but it can be a double-edged sword for genuine developers, but like other technology it can be good and a bad thing.”

Tanase talked of an incident where he was in a bank and the teller showed him his screen and he was able to see what anti-virus the bank used, meaning if he was able to determine a vulnerability he would be able to attack the whole bank.

He said: “It is an interesting story as people think it is hard to get the insider information and most of the time it is simpler. By getting the employee to click on an email you can learn what browser they are using, what operating system, and as most people use JavaScript you can extract information just by using code on the link.”

Tanase further commented that while using the same anti-virus software across a company helps support and roll out updates, from a security view you will find vulnerabilities.

He said: “With a targeted attack, I don't go to the place I want to reach like the CEO, no I choose an employee. Never go to a final target, go through an easy access point in most cases.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews