Targeted attacks nearly always begin life with a spear phishing message, according to research.
Trend Micro claimed that 91 per cent of targeted attacks begin with a spear phishing email, according to data collected between February and September this year.
The report said that 94 per cent of targeted emails use malicious file attachments as the payload or infection source, with the remaining six per cent using alternative methods such as installing malware through malicious links.
The most highly targeted industries are government and activist groups, with information on government agencies and appointed officials found on the internet and on public government websites.
Rik Ferguson, director of security research and communications at Trend Micro, said: “We fully expect to see a resurgence of malicious email as targeted attacks expand and evolve.
“Experience has shown us that criminals continue to abuse tried and trusted methods to directly leverage intelligence gathered during the reconnaissance for targeted attacks.
“We have also seen that targeted attacks are evolving and expanding. The abundance of information on individuals and companies makes the job of creating extremely credible emails far too simple. It's a part of a custom defence that should not be ignored."
The research also determined that executable (.EXE) files were not commonly used as spear phishing email attachments, likely due to the fact that emails with .EXE file attachments are usually detected and blocked by any security solution.
Instead they come in the form of .LZH, .RAR and .ZIP files after being compressed and archived before being sent. In some cases, compressed files were password protected to further prevent their malicious content from being detected by security solutions.