Spear-Phishing Stats Disclosed Unsolved Holiday Spike

When enterprise security operations centers are lightly staffed or understaffed, spear phishing increases especially during holidays, reported by FireEye in its recent second half 2011"Advanced Threat Report" released today (14 February 2012), according to the news published in FireEye blog on February 14,2012.

According to FireEye, modus operandi of attackers seems to be tightly functioning even during the U.S. holidays also, including Columbus Day, Labor Day, Independence Day, and Thanksgiving Day, when there is a zoom in the attack levels suddenly. The Company also described the pattern of malware-based attacks during 2011.

However, the level of attack reduced during Christmas and New Year's celebration, even below the standard. Only rumors are prevalent that significantly fewer employees are working during these holidays. As such, there are comparatively less opportunities malicious attachments to be opened by the targeted users.

One common tendency appears to be that attackers heavily influence this infection vector on or around major national holidays. According to the firm, the concept is simple: national holidays are usually when the security operations centers are under staffed or lightly staffed. Therefore, attackers operations have a higher chance of success and are able to sustain a longer foothold within the target organization around this time frame, to maximize exfilteration operations.

For the second half of 2011, it seems as Labor Day was the most creative day for attackers utilizing this vector, as malicious attachment levels reached 1,353%, above the bi-annual average, Columbus day following a distant second (549%), followed by thanksgiving (336%) and independence day (271%), accordingly.

In order to interpret the internal meaning of spiteful activity on targeted networks, FireEye also hinted that of the numerous malware families, the highest 50 class of malwares generated about 80% of unbeaten malware infections. FireEye named the toolkit as black hole as a most famous criminally used toolkit in 2011to "drop "malware on vulnerable machine.

However, as per the firms says, criminals are maximizing their penetration rates using multi vector attacks over web and email. They exploit application vulnerabilities, initiate callbacks from within the trusted network, download binaries over various protocols, and exfilterate data seemingly at will. To avoid such attacks, new technologies are required to identify advanced targeted attack entering to web and email, and thwart attempts by malware to call back to command and control centers.

Related article: Spyware Detection Programs Track Advertisers’ Cookies

» SPAMfighter News - 2/20/2012