 "Cybercriminals Use Social Engineering Emails To Penetrate Corporate Networks")
FireEye, Inc. has announced the release of “Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data,” a report that identifies the social engineering techniques cybercriminals use in email-based advanced cyber attacks. According to the report, the top words cybercriminals use create a sense of urgency to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping.
According to recent data from the FireEye “Advanced Threat Report,” for the first six months of 2012, email-based attacks increased 56 percent. Email-based advanced cyber attacks easily bypass traditional signature-based security defenses, preying on naïve users to install malicious files.
“Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work,” said Ashar Aziz, Founder and CEO, FireEye. “Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defences.”
“Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data,” explains that express shipping terms are included in about one quarter of attacks, including “DHL”, “UPS”, and “delivery.” Urgent terms such as “notification” and “alert” are included in about 10 percent of attacks. An example of a malicious attachment is “UPS-Delivery-Confirmation-Alert_April-2012.zip.”
The report indicates that cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as “Lloyds TSB - Login Form.html,” and tax-related words, such as “Tax_Refund.zip.” Travel and billing words including “American Airlines Ticket” and “invoice” are also popular spear phishing email attachment key words.
Spear phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalise emails and make them look mostly authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminal access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets.
The report highlights that cybercriminals primarily use zip files in order to hide malicious code, but also ranks additional file types, including PDFs and executable files.
“Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data” is based on data from the FireEye Malware Protection Cloud, a service shared by thousands of FireEye appliances around the world, as well as direct malware intelligence uncovered by its research team. The report provides a global view into email-based attacks that routinely bypass traditional security solutions such as firewalls and next-generation firewalls, IPS, anti-virus and gateways.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
