Phishing attacks have evolved into highly targeted ‘watering hole' tactics.
According to research by Websense, some phishing campaigns are now so targeted that as well as attacking governments and large organisations, such as the White House and RSA, they are now one of the primary vectors of data compromise and subsequent data loss.
Speaking to SC Magazine, Carl Leonard, senior security research manager, EMEA at Websense, said that spear phishing is not about sending 500,000 malicious emails in the hope that ten per cent of recipients will click on it, but it is targeted and dependent on timing.
He said: “There has to be something there that makes the recipient believe it is legitimate. It is often targeted and low volume and with a specific intention in mind.”
“The attacker doesn't do any emails at all; they are waiting like an alligator to jump out. We see this being used in the last six months and it is efficient to me, as people can be targeted with spear phishing messages and social engineering techniques are used in these ‘watering hole' attacks. The user sees something and thinks it is for them and clicks on it.”
Leonard said that an example of this would be a security journalist who would perhaps be interested in awards websites, so those websites would be compromised and when the journalist visited the website, that is when the phishing attack would happen.
The research also found that the majority of phishing attacks were sent on Mondays and Fridays. Websense said that it discovered 32 per cent of attacks sent on Fridays and 30 per cent sent on Mondays, while other days have only five per cent rates.
Leonard said: “It seems to be that users are more vulnerable at certain times of the week.”
According to Leonard, the best ways to protect against such attacks is to use technology, and URL sandboxing is one such option, but user eduction is better.
Asked if there was a change in tactics by attackers, Leonard said: “It comes down to the state of the economy, people are more interested in their finance and more people have access to the internet than ever before, and that is how users manage their lives and finances and attackers are people who want a slice of the pie.”