Spear Phishing Attacks—
Why They are Successful and
How to Stop Them
Combating the Attack of Choice for Cybercriminals
White Paper
FireEye, Inc. Spear Phishing Attacks—Why They are Successful and How to Stop Them 	 2
Contents
Executive Summary
Introduction: The Rise of Spear Phishing Email Attacks
The Reason for the Growth in Spear Phishing: It Works
Spear Phishing Examples and Characteristics
RSA: A Case Study in Spear Phishing and an APT
The Solution: Next Generation Threat Protection
Conclusion
Executive Summary
There’s been a rapid and dramatic shift from broad, scattershot attacks to advanced targeted attacks
that have had serious consequences for victim organizations. Some of the most famous advanced
targeted attacks, such as the attacks on RSA and HBGary Federal and Operation Aurora, all used spear
phishing. The increased use of spear phishing is directly related to the fact that it works, as traditional
security defenses simply do not stop these types of attacks. This paper provides a detailed look at how
spear phishing is used within advanced targeted attacks. It will provide an overview of spear phishing,
its characteristics, and a notable attack case study. Finally, the paper looks at the key capabilities
organizations need in order to effectively combat these emerging and evolving threats.
Introduction: The Rise of Spear Phishing Email Attacks
Generally speaking, ‘phishing’ emails are exploratory attacks in which criminals attempt to obtain
victims’ sensitive data, such as personally identifiable information and/or network access credentials.
These attacks open the door for further infiltration into the network. Phishing typically involves both social
engineering and technical trickery to deceive victims into opening attached files, clicking on embedded
links, and revealing sensitive information.
Figure 1: Common tactics used in phishing emails
Figure 2: Falsified Web site used to fool users into revealing credentials and personally identifiable information
‘Spear phishing’ is a more targeted version of phishing that combines tactics such as victim
segmentation, email personalization, sender impersonation, and other techniques to bypass email filters
and trick targets into clicking a link or opening an attachment. Whereas a phishing attack may blanket
an entire database of email addresses, spear phishing targets specific individuals within specific
organizations. By mining social networks, for example, attackers can make the personalization and
impersonation used in spear phishing emails extremely accurate and compelling. Once a link is clicked
or an attachment opened, a foothold in the network is established, allowing spear phishers to move
forward with the advanced targeted attack.
Spear phishing attacks need to be seen within the context of advanced targeted attacks, otherwise
known as advanced persistent threat (APT) attacks. Today, sophisticated cybercriminals (and nation-
states) conduct APT attacks through the use of advanced malware and sustained, multi-vector,
multi-stage attacks to reach a particular objective. For most APT attacks, the objective is to gain
long-term access to an organization’s sensitive networks, data, and resources.
The Reason for the Growth in Spear Phishing: It Works
Advanced targeted attacks using spear phishing aren’t an anomaly; they represent a clear shift in the
approach of cybercriminals. Increasingly, criminals are moving from massive phishing attacks to spear
phishing on a much smaller, more targeted scale because it has proven very effective.
A recent study¹ uncovered the following findings:
• 	 Between 2010 and 2011, annual returns for mass email-based attacks fell from $1.1 billion to $500
million. During that same period, spam volume fell from 300 billion messages per day to 40 billion.
•	 During the same period, spear phishing attacks increased by a factor of three.
•	 Spear phishing emails had an open rate of 70 percent, compared with an open rate of just three
percent for mass spam emails. Further, 50 percent of recipients who open spear phishing emails also
click on enclosed links, which is 10 times the rate for mass mailings.
•	 Compared to broad-based emails, spear phishing costs 20 times more per individual targeted.
However, the average return from each spear phishing victim is 40 times more than that of phishing.
•	 A spear phishing campaign comprised of 1,000 messages is likely to generate 10 times the revenue
of a phishing mailing targeting 1 million individuals.
Spear Phishing Examples and Characteristics
Following are some of the key characteristics of advanced targeted spear phishing attacks:
•	 Blended/multi-vector threat. Spear phishing uses a blend of email spoofing, zero-day application
exploits, dynamic URLs, and drive-by downloads to bypass traditional defenses.
•	 Leverages zero-day vulnerabilities. Advanced spear phishing attacks leverage zero-day vulnerabilities
in browsers, plug-ins, and desktop applications to compromise systems.
•	 Multi-staged attack. The initial exploit of systems is the first stage of an APT attack that involves further
stages of malware outbound communications, binary downloads, and data exfiltration.
•	 Lack characteristics of spam. Spear phishing email threats are targeted, often on an individualized
basis, so they don’t bear a resemblance to the high-volume, broadcast nature of traditional spam.
This means reputation filters are unlikely to flag these messages, minimizing the likelihood of spam
filters catching them.
1	http://www.scmagazine.com/crooks-opt-for-spear-phishing-despite-higher-upfront-cost/article/206586/
RSA: A Case Study in Spear Phishing and an APT
The attacks targeting RSA, the security division of EMC Corp., in 2011 provide a very clear picture
of the way spear phishing can set the stage for a devastating and incredibly far-reaching assault on
a corporation — and its customers.
The assault began with spear phishing attacks that sent targeted users an email with a Microsoft Excel
file attachment that leveraged a zero-day flaw in Adobe Flash. It is clear that not only was RSA the focus
of the attack, but only four individuals within RSA were the recipients of the malicious emails. It took just
one user to open the email and attachment, which downloaded a Trojan onto the user’s PC.
This successful spear phishing attack was part of a much more complex advanced targeted attack.
With this malware installed on the victim’s PC, criminals were able to search the corporate network,
harvest administrator credentials, and ultimately gain access to a server housing proprietary information
on the SecurID two-factor authentication platform.
The attack didn’t end there. In fact, all this was a precursor to the ultimate objective: Gaining entry to
the networks of RSA’s customers, focusing on those in the defense industrial base. With the stolen data,
the criminals then targeted numerous high-profile SecurID customers, including defense contractors
Lockheed Martin, L-3, and Northrop Grumman.
The takeaway for enterprises is that this example makes clear that even seemingly rudimentary attacks
may be just the first in a series of advanced, coordinated, and devastating crimes. In addition, advanced
targeted attacks against seemingly low level resources or employees without particularly sensitive roles
or permissions can still open the door to vital information and huge consequences.
Figure 3: RSA spear phishing email used to launch targeted APT attack
The Solution: Next Generation Threat Protection
Today, organizations need a new generation of security system, one that detects and blocks the
advanced targeted attack techniques that include spear phishing. The following are more details on
the FireEye solution to effectively stop advanced targeted attacks.
Offers a cohesive, integrated solution across threat vectors
FireEye provides organizations integrated protection across Web and email attack vectors used in an
advanced targeted attack. For example, stopping spear phishing requires capabilities for discovering
a Web-based attack in real-time, tracing the attack to the initial phishing email that spawned the attack,
and then doing the analysis required to determine if others within the organization have also been
targeted. This kind of real-time cyber response is the only way to defuse advanced targeted attacks.
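The trace-back described above, sketched as an added example (not FireEye code and not part of the original paper): given a URL flagged by Web analysis, find the emails that delivered it, pivot to other messages from the same campaign, and list who was targeted and who clicked. The log schema, field names, addresses and domains are constructed for illustration, and matching URLs on host and path only is an assumption made here so that per-recipient query tokens in dynamic URLs still match.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class MailRecord:
    """One (message, recipient) row from a mail gateway log (assumed schema)."""
    msg_id: str
    sender: str
    recipient: str
    subject: str
    urls: tuple = ()
    attachment_sha256: Optional[str] = None


def url_key(url):
    """Reduce a URL to (host, path); query string, fragment and port are ignored."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path.rstrip("/") or "/"
    return host, path


def lure_key(record):
    """Sender plus subject, normalized, identifies one lure template."""
    return record.sender.strip().lower(), record.subject.strip().lower()


def trace_campaign(flagged_url, mail_log, web_log):
    """Map a Web detection back to its emails and the full set of recipients."""
    key = url_key(flagged_url)
    # Step 1: messages that carried the flagged URL.
    seeds = [m for m in mail_log if any(url_key(u) == key for u in m.urls)]
    # Step 2: pivot on what the seed messages share (lure template, attachment hash)
    # to catch variants that used a different URL or only an attachment.
    lures = {lure_key(m) for m in seeds}
    hashes = {m.attachment_sha256 for m in seeds if m.attachment_sha256}
    related = [m for m in mail_log
               if lure_key(m) in lures or m.attachment_sha256 in hashes]
    # Step 3: who was targeted, and which users actually requested the URL.
    targeted = {m.recipient.lower() for m in related}
    clicked = {user.lower() for user, url in web_log if url_key(url) == key}
    return {
        "seed_msg_ids": sorted({m.msg_id for m in seeds}),
        "related_msg_ids": sorted({m.msg_id for m in related}),
        "targeted": sorted(targeted),
        "clicked": sorted(clicked),
        "targeted_not_clicked": sorted(targeted - clicked),
    }


# Constructed sample data: four campaign messages and one unrelated newsletter.
SAMPLE_HASH = "ab" * 32  # placeholder value, not a real file hash
MAIL_LOG = [
    MailRecord("m1", "hr@partner.example", "alice@corp.example", "Benefits update",
               ("http://docs.lure.example/benefits/view?id=a1",)),
    MailRecord("m2", "hr@partner.example", "bob@corp.example", "Benefits update",
               ("http://DOCS.lure.example/benefits/view/?id=b2",), SAMPLE_HASH),
    MailRecord("m3", "HR@partner.example", "carol@corp.example", "Benefits update "),
    MailRecord("m4", "it@other.example", "dave@corp.example", "Form attached",
               (), SAMPLE_HASH),
    MailRecord("m5", "news@vendor.example", "erin@corp.example", "Newsletter",
               ("http://vendor.example/news",)),
]
# Constructed proxy log rows: (authenticated user, requested URL).
WEB_LOG = [
    ("alice@corp.example", "http://docs.lure.example/benefits/view?id=a1"),
    ("erin@corp.example", "http://vendor.example/news"),
]

if __name__ == "__main__":
    report = trace_campaign("http://docs.lure.example/benefits/view?id=a1",
                            MAIL_LOG, WEB_LOG)
    for field, value in report.items():
        print(f"{field}: {value}")
```

The `targeted_not_clicked` list is the set of mailboxes to purge and users to notify before anyone else opens the message.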
Organizations are using FireEye solutions because they offer real-time analysis of URLs in emails, email
attachments, and Web objects to accurately determine whether they’re malicious or not. This is a critical
requirement for guarding against spear phishing and other email-based attacks because zero-day
tactics easily circumvent signature-based and reputation-based analysis. Further, to effectively defend
corporate networks, organizations need systems that inspect across many protocols and throughout
the protocol stack, including the network layer, operating systems, applications, browsers, and plug-ins
like Flash.
Delivers signature-less, dynamic security that thwarts zero-day exploits
FireEye solutions provide dynamic, real-time exploit analysis of email attachments and URLs, rather than
just comparing bits of code to signatures or relying on reputations. This signature-less analysis is critical to
defending against advanced tactics because it all starts with zero-day exploits. With exploit detection,
it is possible to stop the advanced malware embedded in attachments as well as malware hosted on
dynamic, fast-changing domains.
Guards against malicious code installs and blocks callbacks
In addition to exploit detection, FireEye also identifies whether suspicious attachments and other objects
are malicious. Further, resulting callback communications are inspected to identify if they are malicious
in nature. This includes monitoring outbound host communications over multiple protocols in real-time
to determine if the communications indicate an infected system is on the network. Callbacks can be
stopped based on the unique characteristics of the communication protocols employed, rather than
just the destination IP or domain name.
Once malicious code and its communications are flagged, the ports, IP addresses, and protocols must
be blocked in order to halt any transmissions of sensitive data. This prevents the further download of
malware binary payloads and the lateral spread inside the organization.
Yields timely, actionable threat intelligence and malware forensics
Once advanced malware has been analyzed in detail, the information gathered needs to be fully
leveraged. FireEye customers are able to use this information for a number of purposes:
•	 FireEye systems fingerprint the malicious code to auto-generate protection data and identify
compromised systems to prevent the infection from spreading.
•	 Forensics researchers can run files individually through automated offline tests to confirm and dissect
malicious code.
•	 Information can be shared through unified intelligence systems that keep other experts and
organizations current.
Conclusion
Multi-vectored, multi-stage attacks have been extremely effective for penetrating today’s networks
despite $20 billion invested annually in IT security. As part of advanced targeted attacks, spear phishing
is growing increasingly prevalent because it is so effective. Criminals will continue to leverage spear
phishing so long as organizations maintain a status quo level of security that has proven no match for
spear phishing. To thwart these advanced targeted attacks, organizations need next-generation threat
protection that protects across multiple threat vectors and addresses every stage of an attack.
By integrating Web and email security, guarding against inbound malicious binaries and malware
callbacks, and leveraging signature-less, dynamic code execution to detect zero-day exploits, FireEye
offers the next-generation threat protection necessary to stop advanced targeted attacks. With
FireEye, organizations have real-time, contextual views of both Web and email-based threats. A Web-
based, zero-day attack can be detected in real-time and stopped. The attack is then traced back
to the initial spear phishing email that spawned the attack to determine if others within the organization
have also been targeted. This kind of context-aware security analysis is the only way to get timely,
actionable information about advanced targeted attacks and how they can be stopped.
FireEye, Inc. | 1390 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) | info@fireeye.com | www.fireeye.com
© 2012 FireEye, Inc. All rights reserved. FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may
be trademarks or service marks of their respective owners. – WP.SP.032012
About FireEye, Inc.
FireEye is the leader in stopping advanced targeted attacks that use advanced malware, zero-day
exploits, and APT tactics. FireEye’s solutions supplement traditional and next-generation firewalls, IPS,
antivirus and gateways, which cannot stop advanced threats, leaving security holes in networks. FireEye
offers the industry’s only solution that detects and blocks attacks across both Web and email threat
vectors as well as latent malware resident on file shares. It addresses all stages of an attack lifecycle
with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based in Milpitas,
California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture
Partners, and Juniper Networks.

BDSM⚡Call Girls in Sector 143 Noida Escorts >༒8448380779 Escort Service
 
Minto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxMinto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptx
 
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
 
Verified Love Spells in Little Rock, AR (310) 882-6330 Get My Ex-Lover Back
Verified Love Spells in Little Rock, AR (310) 882-6330 Get My Ex-Lover BackVerified Love Spells in Little Rock, AR (310) 882-6330 Get My Ex-Lover Back
Verified Love Spells in Little Rock, AR (310) 882-6330 Get My Ex-Lover Back
 
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptxKAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
KAHULUGAN AT KAHALAGAHAN NG GAWAING PANSIBIKO.pptx
 

Fire eye spearphishing

  • 1. Spear Phishing Attacks— Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper
  • 2. FireEye, Inc. Spear Phishing Attacks—Why They are Successful and How to Stop Them 2

    Contents
    Executive Summary 3
    Introduction: The Rise of Spear Phishing Email Attacks 3
    The Reason for the Growth in Spear Phishing: It Works 5
    Spear Phishing Examples and Characteristics 5
    RSA: A Case Study in Spear Phishing and an APT 6
    The Solution: Next Generation Threat Protection 7
    Conclusion 8

    White Paper
  • 3. Executive Summary

    There’s been a rapid and dramatic shift from broad, scattershot attacks to advanced targeted attacks that have had serious consequences for victim organizations. Some of the most famous advanced targeted attacks, such as the attack on RSA, on HBGary Federal, and Operation Aurora all used spear phishing. The increased use of spear phishing is directly related to the fact that it works, as traditional security defenses simply do not stop these types of attacks. This paper provides a detailed look at how spear phishing is used within advanced targeted attacks. It will provide an overview of spear phishing, its characteristics, and a notable attack case study. Finally, the paper looks at the key capabilities organizations need in order to effectively combat these emerging and evolving threats.

    Introduction: The Rise of Spear Phishing Email Attacks

    Generally speaking, ‘phishing’ emails are exploratory attacks in which criminals attempt to obtain victims’ sensitive data, such as personally identifiable information and/or network access credentials. These attacks open the door for further infiltration into the network. Phishing typically involves both social engineering and technical trickery to deceive victims into opening attached files, clicking on embedded links, and revealing sensitive information.

    Figure 1: Common tactics used in phishing emails
  • 4. Figure 2: Falsified Web site used to fool users into revealing credentials and personally identifiable information

    ‘Spear phishing’ is a more targeted version of phishing attacks that combines tactics such as victim segmentation, email personalization, sender impersonation, and other techniques to bypass email filters and trick targets into clicking a link or opening an attachment. Whereas a phishing attack may blanket an entire database of email addresses, spear phishing targets specific individuals within specific organizations. By mining social networks, for example, the personalization and impersonation used in the spear phishing emails can be extremely accurate and compelling. Once a link is clicked or attachment opened, the foothold in the network is established allowing spear phishers to move forward with the advanced targeted attack.

    Spear phishing attacks need to be seen within the context of advanced targeted attacks, otherwise known as advanced persistent threat (APT) attacks. Today, sophisticated cybercriminals (and nation-states) conduct APT attacks through the use of advanced malware and sustained, multi-vector, multi-stage attacks to reach a particular objective. For most APT attacks, the objective is to gain long-term access to an organization’s sensitive networks, data, and resources.
  • 5. The Reason for the Growth in Spear Phishing: It Works

    Advanced targeted attacks using spear phishing aren’t an anomaly; they represent a clear shift in the approach of cybercriminals. Increasingly, criminals are moving from massive phishing attacks to spear phishing on a much smaller, more targeted scale because it has proven very effective. A recent study¹ uncovered the following findings:

    • Between 2010 and 2011, annual returns for mass email-based attacks fell from $1.1 billion to $500 million. During that same period, spam volume fell from 300 billion messages per day to 40 billion.
    • During the same period, spear phishing attacks increased by a factor of three.
    • Spear phishing emails had an open rate of 70 percent, compared with an open rate of just three percent for mass spam emails. Further, 50 percent of recipients who open spear phishing emails also click on enclosed links, which is 10 times the rate for mass mailings.
    • Compared to broad-based emails, spear phishing costs 20 times more per individual targeted. However, the average return from each spear phishing victim is 40 times more than that of phishing.
    • A spear phishing campaign comprised of 1,000 messages is likely to generate 10 times the revenue of a phishing mailing targeting 1 million individuals.

    Spear Phishing Examples and Characteristics

    Following are some of the key characteristics of advanced targeted spear phishing attacks:

    • Blended/multi-vector threat. Spear phishing uses a blend of email spoofing, zero-day application exploits, dynamic URLs, and drive-by downloads to bypass traditional defenses.
    • Leverages zero-day vulnerabilities. Advanced spear phishing attacks leverage zero-day vulnerabilities in browsers, plug-ins, and desktop applications to compromise systems.
    • Multi-staged attack. The initial exploit of systems is the first stage of an APT attack that involves further stages of malware outbound communications, binary downloads, and data exfiltration.
    • Lack characteristics of spam. Spear phishing email threats are targeted, often on an individualized basis, so they don’t bear a resemblance to the high-volume, broadcast nature of traditional spam. This means reputation filters are unlikely to flag these messages, minimizing the likelihood of spam filters catching them.

    ¹ http://www.scmagazine.com/crooks-opt-for-spear-phishing-despite-higher-upfront-cost/article/206586/
  • 6. RSA: A Case Study in Spear Phishing and an APT

    The attacks targeting RSA, the security division of EMC Corp., in 2011 provide a very clear picture of the way spear phishing can set the stage for a devastating and incredibly far-reaching assault on a corporation — and its customers.

    The assault began with spear phishing attacks that sent targeted users an email with a Microsoft Excel file attachment that leveraged a zero-day flaw in Adobe Flash. It is clear that not only was RSA the focus of the attack, but only four individuals within RSA were the recipients of the malicious emails. It took just one user to open the email and attachment, which downloaded a Trojan onto the user’s PC.

    This successful spear phishing attack was part of a much more complex advanced targeted attack. With this malware installed on the victim’s PC, criminals were able to search the corporate network, harvest administrator credentials, and ultimately gain access to a server housing proprietary information on the SecurID two-factor authentication platform.

    The attack didn’t end there. In fact, all this was a precursor to the ultimate objective: Gaining entry to the networks of RSA’s customers, focusing on those in the defense industrial base. With the stolen data, the criminals then targeted numerous high-profile SecurID customers, including defense contractors Lockheed Martin, L-3, and Northrop Grumman.

    The takeaway for enterprises is that this example makes clear that even seemingly rudimentary attacks may be just the first in a series of advanced, coordinated, and devastating crimes. In addition, advanced targeted attacks against seemingly low level resources or employees without particularly sensitive roles or permissions can still open the door to vital information and huge consequences.

    Figure 3: RSA spear phishing email used to launch targeted APT attack
  • 7. The Solution: Next Generation Threat Protection

    Today, organizations need a new generation of security system, one that detects and blocks the advanced targeted attack techniques that include spear phishing. The following are more details on the FireEye solution to effectively stop advanced targeted attacks.

    Offers a cohesive, integrated solution across threat vectors

    FireEye provides organizations integrated protection across Web and email attack vectors used in an advanced targeted attack. For example, stopping spear phishing requires capabilities for discovering a Web-based attack in real-time, tracing the attack to the initial phishing email that spawned the attack, and then doing the analysis required to determine if others within the organization have also been targeted. This kind of real-time cyber response is the only way to defuse advanced targeted attacks.

    Organizations are using FireEye solutions because they offer real-time analysis of URLs in emails, email attachments, and Web objects to accurately determine whether they’re malicious or not. This is a critical requirement for guarding against spear phishing and other email-based attacks because zero-day tactics easily circumvent signature-based and reputation-based analysis. Further, to effectively defend corporate networks, organizations need systems that inspect across many protocols and throughout the protocol stack, including the network layer, operating systems, applications, browsers, and plug-ins like Flash.

    Delivers signature-less, dynamic security that thwarts zero-day exploits

    FireEye solutions provide dynamic, real-time exploit analysis of email attachments and URLs, rather than just comparing bits of code to signatures or relying on reputations. This signature-less analysis is critical to defending against advanced tactics because it all starts with zero-day exploits. With exploit detection, it is possible to stop the advanced malware embedded in attachments as well as malware hosted on dynamic, fast-changing domains.

    Guards against malicious code installs and blocks callbacks

    In addition to exploit detection, FireEye also identifies whether suspicious attachments and other objects are malicious. Further, resulting callback communications are inspected to identify if they are malicious in nature. This includes monitoring outbound host communications over multiple protocols in real-time to determine if the communications indicate an infected system is on the network. Callbacks can be stopped based on the unique characteristics of the communication protocols employed, rather than just the destination IP or domain name. Once malicious code and its communications are flagged, the ports, IP addresses, and protocols must be blocked in order to halt any transmissions of sensitive data. This prevents the further download of malware binary payloads and the lateral spread inside the organization.
  • 8. Yields timely, actionable threat intelligence and malware forensics

    Once advanced malware has been analyzed in detail, the information gathered needs to be fully leveraged. FireEye customers are able to use this information for a number of purposes:

    • FireEye systems fingerprint the malicious code to auto-generate protection data and identify compromised systems to prevent the infection from spreading.
    • Forensics researchers can run files individually through automated offline tests to confirm and dissect malicious code.
    • Information can be shared through unified intelligence systems that keep other experts and organizations current.

    Conclusion

    Multi-vectored, multi-stage attacks have been extremely effective for penetrating today’s networks despite $20 billion invested annually in IT security. As part of advanced targeted attacks, spear phishing is growing increasingly prevalent because it is so effective. Criminals will continue to leverage spear phishing so long as organizations maintain a status quo level of security that has proven no match for spear phishing.

    To thwart these advanced targeted attacks, organizations need next-generation threat protection that protects across multiple threat vectors and addresses every stage of an attack. By integrating Web and email security, guarding against inbound malicious binaries and malware callbacks, and leveraging signature-less, dynamic code execution to detect zero-day exploits, FireEye offers the next-generation threat protection necessary to stop advanced targeted attacks.

    With FireEye, organizations have real-time, contextual views of both Web and email-based threats. A Web-based, zero-day attack can be detected in real-time and stopped. The attack is then traced back to the initial spear phishing email that spawned the attack to determine if others within the organization have also been targeted. This kind of context-aware security analysis is the only way to get timely, actionable information about advanced targeted attacks and how they can be stopped.
  • 9. FireEye, Inc. | 1390 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) | info@fireeye.com | www.fireeye.com

    © 2012 FireEye, Inc. All rights reserved. FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. – WP.SP.032012

    About FireEye, Inc.

    FireEye is the leader in stopping advanced targeted attacks that use advanced malware, zero-day exploits, and APT tactics. FireEye’s solutions supplement traditional and next-generation firewalls, IPS, antivirus and gateways, which cannot stop advanced threats, leaving security holes in networks. FireEye offers the industry’s only solution that detects and blocks attacks across both Web and email threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture Partners, and Juniper Networks.
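The trace-back step described under "The Solution" and in the Conclusion (a Web detection is traced to the email that delivered it, then to other recipients of the same campaign) can be sketched as a log correlation. This is an added example, not FireEye's code or part of the white paper; the log schema, field names, addresses, hosts and hash are all constructed assumptions.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed mail-gateway records: every address, host and hash is made up.
MAIL_LOG = [
    {"id": "m1", "time": "2012-03-01T09:02:00", "sender": "hr@partner.example",
     "rcpt": "alice@corp.example", "attach_sha256": None,
     "urls": ["http://docs.partner-files.example/plan?id=7f"]},
    {"id": "m2", "time": "2012-03-01T09:03:00", "sender": "hr@partner.example",
     "rcpt": "bob@corp.example", "attach_sha256": None,
     "urls": ["http://docs.partner-files.example/plan?id=a2"]},
    {"id": "m3", "time": "2012-03-01T09:05:00", "sender": "payroll@partner.example",
     "rcpt": "carol@corp.example", "attach_sha256": "ab" * 32,
     "urls": ["http://docs.partner-files.example/view?id=c9"]},
    {"id": "m4", "time": "2012-03-01T08:00:00", "sender": "news@vendor.example",
     "rcpt": "alice@corp.example", "attach_sha256": None,
     "urls": ["http://news.vendor.example/march"]},
    {"id": "m5", "time": "2012-03-01T08:30:00", "sender": "news@vendor.example",
     "rcpt": "dave@corp.example", "attach_sha256": None,
     "urls": ["http://news.vendor.example/march"]},
]
# Constructed Web alert: the URL a detection flagged and the user who fetched it.
ALERT = {"user": "alice@corp.example", "time": "2012-03-01T09:40:00",
         "url": "http://DOCS.partner-files.example/plan?id=7f#top"}

def host_of(url):
    """Lower-cased hostname; per-recipient paths and queries vary, the host less so."""
    return (urlsplit(url).hostname or "").lower()

def find_origin(alert, mail_log):
    """Latest message delivered to the alerting user, before the alert, linking to the flagged host."""
    t_alert = datetime.fromisoformat(alert["time"])
    bad_host = host_of(alert["url"])
    candidates = [m for m in mail_log
                  if m["rcpt"] == alert["user"]
                  and datetime.fromisoformat(m["time"]) <= t_alert
                  and bad_host in {host_of(u) for u in m["urls"]}]
    return max(candidates, key=lambda m: m["time"], default=None)

def indicators(msg):
    """Pivot keys taken from one message: link hosts, sender, attachment hash."""
    keys = {("host", host_of(u)) for u in msg["urls"]}
    keys.add(("sender", msg["sender"].lower()))
    if msg["attach_sha256"]:
        keys.add(("sha256", msg["attach_sha256"]))
    return keys

def other_targets(origin, mail_log):
    """Map every other recipient to the indicators their mail shares with the origin."""
    seed, hits = indicators(origin), {}
    for m in mail_log:
        shared = seed & indicators(m)
        if shared and m["rcpt"] != origin["rcpt"]:
            hits.setdefault(m["rcpt"], set()).update(shared)
    return hits

if __name__ == "__main__":
    origin = find_origin(ALERT, MAIL_LOG)
    for rcpt, shared in sorted(other_targets(origin, MAIL_LOG).items()):
        print(rcpt, sorted(shared))
```

A recipient matched only on the sender indicator deserves a second look before escalation, since a spoofed sender address can also appear on legitimate mail.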