iDefense - Phishing E-mails Become More Sophisticated & Stealthier
Spam continues to be a major problem, with nearly 100 billion spam e-mails sent every day, say security experts, who feel that the number of phishing e-mails has been mounting.
According to statistics given by the company, a new piece of malware is ready to be installed on a system within a span of six seconds. Once installed, it is extremely difficult to detect, which in turn makes way for a spear-phishing attack.
According to statistics previously released by the company, it identified 66 different kinds of whaling and spear-phishing attacks from February 2007 to June 2008. At the same time, the security company predicted that both the volume and the sophistication of attacks would rise in the coming months.
The main aim of this flood of highly sophisticated attacks is to steal customer databases, corporate banking information and other sensitive information in order to carry out cyber crimes successfully, said iDefense. It further revealed that the number of corporate victims of the attacks carried out over 15 months surged to 15,000.
A large share of the victims are employees of Fortune 500 companies, financial institutions, legal firms and government agencies, according to the iDefense analysis.
Meanwhile, describing these targeted attacks, iDefense has attributed around 95% of the spear-phishing attacks to two different groups of attackers. The modus operandi of each group differs from the other's, as they install distinctive malicious code and work independently. One group, which calls itself "Group B", loads a BHO (Browser Helper Object) that logs SSL-encrypted sessions and launches man-in-the-middle attacks against two-factor authentication systems.
The other group, given the name "Group A", installs a full version of the Apache Web server on the victim's system. This group also loads a keylogger on the victim's system that is capable of launching attacks against two-factor authentication systems.
iDefense has recommended providing in-depth training to employees and working staff on social engineering attacks, particularly spear phishing. It also stated that a single-layer defense will fail to protect against these attacks; only a layered defense comprising gateway antivirus and desktop could give protection.
» SPAMfighter News - 01-12-2008