Spear Phishing – a variant of the phishing APT attack

July 8, 2016
Spear Phishing attacks

Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business.

Similar to classic and traditional based phishing attacks spear phishing leverages social engineering to trick the user into a call to action to divulge sensitive or personal information or else click on a link or attachment that contains malicious software.

Advanced Persistent Threat (APT) attacks are where stealthy and sophisticated malware infect an organisation’s network for the purpose of subterfuge and malicious activities. It is well reported across the security industry that one of the main ways that malware can evade gateway detections to deploy the payload within a network is via a spear phishing based attack. Essentially, a targeted email with malicious URL or attachment is sent directly to someone within the organization and the individual victim is tricked into infecting their device, hence the organisation’s network.

Once the unsuspecting victim clicks on the email link or attachment, malware can be installed with the capability of stealing corporate credentials, bank account information or other personal / corporate information. Alternatively, the spear phishing attack can directly ask for such information without any need for malware.

The particularly nasty component to spear phishing is that the attack is very targeted. Criminals can glean a lot of corporate and personal information regarding an individual or a business that is already in the public domain such as the organization’s website, social media and business directories. Also the criminal can use other previous social engineering attempts to build up a profile of their intended victim. Using the previously garnered information, and some presumptions, a criminal can launch their a very targeted campaign, sending their phishing email to a specific person in the organization such as CFO, CEO, or other targeted victim.

Spear phishing mitigations are problematic to the polity of the attack and criminal activities. Reports from our customers and what our Security Analysts routinely observe is that Social Media presents a great opportunity for the criminals to leverage their nefarious activities. It is all too easy for the criminals to set up duplicate social media accounts and a build a false circle of trust – another avenue for the criminals to secure trusted information about the victim organisation.

About the author

Leave a Reply