Threat Intelligence Blog

Posted June 24, 2014

Hardly a day passes without an announcement of yet another data breach or targeted attack. P. F. Chang’s, eBay, and the RSA Conference website are just a few examples of high-profile incidents in recent months. In another recent case, the US Department of Justice indicted five people from the Shanghai-based cyber hacker group known as “Comment Crew”. A number of US companies, including U.S. Steel, Westinghouse and Alcoa, were the victim of targeted attacks to steal intellectual property and product specifications. According to reports, around 700,000 emails were stolen from Westinghouse alone.

Unfortunately, attacks and breaches such as these are all too common. According to statistics from a recent Proofpoint webinar, two-thirds of large US organizations were attacked in the past year, and one-third admitted to being breached. Although targeted attacks by foreign governments are one end of the spectrum, the majority of attacks are designed to compromise individual accounts.

Regardless of the attacker’s motives and the information that’s stolen, one thing that these incidents have in common is that they often can be traced to phishing schemes.

Before a Breach

Cases like the RSA website compromise and Target illustrate how hackers use phishing as a tried and true method to successfully infiltrate organizations. Whether the phishing emails are targeted at executives, customer support, or a third-party supplier, they are designed to appear as though they are from a legitimate business or individual and to infect systems and networks with malware. This in turn can then be used to install other programs to exfiltrate data and enable hackers to build backdoors for future data theft.

Since these phishing or spearphishing emails are crafted much more carefully than mass emails, they continue to be a very effective means to compromise organizations. Because these emails are personalized and may have details that criminals have discovered through social media or other online sources, they are much more likely to be opened, and less likely to be caught by spam filters.

After a Breach

After online retailer eBay announced that personal information, including the email addresses of more than 145 million users, had been stolen from the company’s databases in a cyber-attack, criminals immediately began taking advantage of this. By sending out phishing emails that are nearly identical to those from the actual company affected by a breach asking customers to change their usernames and passwords, criminals are able to collect log in information from untold numbers of unsuspecting victims.

One way that some organizations have addressed this conundrum is by setting up a dedicated resource page on their corporate website to post PDFs of all official communications that the company sends out. Another is to not provide an actual link within an email for customers to reset their usernames and passwords, but to ask them to go directly to the company’s official website instead and enter their details there.

Anti-phishing solutions, along with employee training, are critical in order to protect your enterprise. Our white paper on the true cost of phishing can help put the consequences of such an attack in perspective for your organization.


Additional Posts

10 Steps for Protecting Executives from Risks Using Cyber Threat Intelligence

The following is an excerpt from our new guide, 10 Steps for Protecting Executives from Risks Using ...

Behind the Scenes of a Failed Phishing Attempt

One of our customers recently asked us to analyze a phishing email claiming to be from Wells Fargo ...