Earlier this year, the Anti-Phishing Working Group (APWG) announced that February 2012 had seen record amounts of phishing emails detected.
Add this to recent research from Trend Micro that determined that 91 per cent of targeted attacks begin with a spear phishing message, and the picture becomes complicated. You could argue that mass phishing campaigns are over and that spear phishing is now the successful trend for the attacker, but the APWG data contradicts that.
What is more likely is not that cyber criminals see large-scale attacks as useless and are concentrating on targeted attacks, but that they are trying everything in the hope that something works.
Rohyt Belani, CEO at PhishMe, predicted that phishers will be changing their tactics in 2013 and resorting to targeted spear phishing emails rather than the mass mails of the past.
He said: “Currently a phisher might send an email to John saying ‘It was great to meet you at XYZ event last week, here's a link to some of the research we covered on the day which might be interesting to you' (because the criminal has seen from his Twitter feed that John was at an event last week). But John might not remember meeting that person and might feel a bit suspicious and not click on the link.
“However, criminals are starting to build up trust by using a two-pronged approach to spear phishing to try to make the automated emails seem more human. So the criminal might initially send an email to John saying ‘It was great to see you at XYZ event last week, I'm just working on a report that I think you might find interesting – I'll send it over to you tomorrow', and lo and behold, tomorrow comes, John receives the email he has been told to expect, and his defences are down – so he is much more likely to click the link and the criminal has his way in to the network.
“The best technological defences are unlikely to stop an email like this, so you have to train your users what to look out for.”
Belani said that spear phishing attacks are performed by humans against humans, so while software solutions exist, relying on technology alone is not enough, and companies need to employ a holistic approach with anti-virus and filters that will remove more basic, generic attacks.
A recent comment on the SC Magazine website on the Trend Micro research suggested that any decent mail filter should drop all attachments which are password protected or executable, and scan those remaining files it lets through for malware.
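The attachment policy suggested in that comment can be sketched in a few lines of Python. This is an added example, not code from SC Magazine, Trend Micro or any vendor named here; the extension list, the function names and the sample message are assumptions, and the "scan" verdict only marks files that would be handed to a separate malware scanner.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of executable extensions; tune it for your environment.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".jar", ".msi", ".ps1")

def is_executable(filename: str, data: bytes) -> bool:
    """Flag by extension or by the 'MZ' magic bytes of a Windows PE file."""
    return data[:2] == b"MZ" or filename.lower().endswith(EXECUTABLE_EXTS)

def is_encrypted_zip(data: bytes) -> bool:
    """True if any ZIP member has the encryption bit (bit 0) set in its flags."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def triage(raw_message: bytes) -> dict:
    """Return {filename: 'drop-executable' | 'drop-encrypted' | 'scan'}."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            verdicts[name] = "drop-executable"
        elif is_encrypted_zip(data):
            verdicts[name] = "drop-encrypted"
        else:
            verdicts[name] = "scan"  # passed on to the malware scanner
    return verdicts

def build_sample() -> bytes:
    """Constructed message: a harmless file, a fake .exe and a ZIP marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "quarterly numbers")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x1  # set encryption bit in the central directory
    msg = EmailMessage()
    msg["Subject"] = "Report from XYZ event"
    msg.set_content("As promised, the report is attached.")
    files = [("notes.pdf", b"%PDF-1.4 sample"), ("viewer.exe", b"MZ\x90\x00"), ("report.zip", bytes(z))]
    for name, data in files:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Checking the magic bytes as well as the file name catches an executable that has simply been renamed, and the ZIP flag check needs no password because it reads only the archive's directory.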
Speaking to SC Magazine, Daniel Axsater, CEO of anti-spam technology vendor CronLab, said that email security was not an old concept and it was just as necessary now as always 'or you will get spam and phishing'.
Commenting on the recent research, Axsater said: “There is still a lot of phishing. We are seeing an increase but we are seeing a decrease in the volume of spam but an increase in its severity, there is still spam related to Viagra and Canadian Pharmacy, but also an increase in viruses in phishing attacks. That is why email security is still so apparent.”
Any integrator or analyst will tell you that a layered approach to security is required for best-practice protection, and email security should be part of that. Yes, web-borne malware may still outrank that in emails, but that is not an excuse to take a relaxed approach to email-based malware.
As 2012 comes to an end and 2013 sees many predictions on future trends of attack vectors, it is unlikely that a rise in phishing or spam will be among those, but targeted attacks will likely feature heavily. Before dismissing, consider the reality of email – it's here to stay after all.