FireEye has announced the release of “Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data,” a report that identifies the social engineering techniques cybercriminals use in email-based advanced cyber attacks. According to the report, the top words cybercriminals use create a sense of urgency, to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defences in email-based attacks relates to express shipping.
According to recent data from the FireEye “Advanced Threat Report,” for the first six months of 2012, email-based attacks increased 56 percent. Email-based advanced cyber attacks easily bypass traditional signature-based security defences, preying on naïve users to install malicious files.
“Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work.” said Ashar Aziz, founder and CEO, FireEye. “Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defenses.”
“Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data,” explains that express shipping terms are included in about one quarter of attacks, including “DHL”, “UPS”, and “delivery.” Urgent terms such as “notification” and “alert” are included in about 10 percent of attacks. An example of a malicious attachment is “UPS-Delivery-Confirmation-Alert_April-2012.zip.”
The report indicates that cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as “Lloyds TSB - Login Form.html,” and tax-related words, such as “Tax_Refund.zip.” Travel and billing words including “American Airlines Ticket” and “invoice” are also popular spear phishing email attachment key words.
Spear phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalise emails and make them look mostly authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminal access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets.
The report highlights that cybercriminals primarily use zip files in order to hide malicious code, but also ranks additional file types, including PDFs and executable files.
“Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data” is based on data from the FireEye Malware Protection Cloud™, a service shared by thousands of FireEye appliances around the world, as well as direct malware intelligence uncovered by its research team. The report provides a global view into email-based attacks that routinely bypass traditional security solutions such as firewalls and next-generation firewalls, IPS, anti-virus and gateways.