IDefense Gives Facts & Statistics on Spear Phishing

Noted vulnerability research and security firm iDefense Labs has released its latest report that indicated 66 distinct incidences of spear phishing attempts were made during February 2007-June 2008, with the number of attacks are continuously increasing.

Furthermore, report for April and May 2008 by iDefense Labs indicated that socially engineered assaults against specific corporations had been climbing new heights.

Nevertheless, iDefense Labs stated in its new report that the attackers of spear phishing have claimed over 15,000 corporate victims in just 15 months, with the victims losing more than $100,000 in certain cases. Also, victims of spear phishing attacks, as per the report, consist of Fortune 500 companies, legal firms, financial institutions and government agencies.

Describing spear phishing, iDefense Labs stated that it is a cyber crime that chooses a specific target to whom e-mails are sent that appear to arrive from a trusted source like someone in an authoritative position within the same organization where the recipient works.

Further, according to the researchers, spear phishers utilize these messages to acquire and get access to confidential data on corporate systems.

And aside the apparent threats that spear phishers blemish on the disappointed employees of a company, they may also attempt to flee with corporate secrets. Still more frustrating, according to iDefense, is when the attack uses the end-user attack on others while the victim intends no harm but remains baffled about the action(s) that might be taken on him after the entire phishing round.

And with the continuous increase in the number of spear phishing attacks, iDefense recommends that employees and executives should be provided training on attacks especially 'spear phishing' that use social engineering. Also, while a single defense might not stop these attacks, a large number of them could be prevented using multi-layered defenses consisting of gateway and desktop anti-virus, URL filtering, continuous monitoring of irregular network activity as well as the utilization of non-administrative access accounts.

Interestingly, a lot of other security companies, like iDefense, harbor a similar view that spear phishers are getting extremely sophisticated and effective, with the computer user suffering the greatest damage.

Related article: iDefense - Phishing E-mails Become More Sophisticated & Stealthier

» SPAMfighter News - 8/6/2008