In mid-November, Forrester and Finjan put together a webinar titled "How to Defend Your Organization from Web-Based Threats while Hackers Move into Business Mode". The webinar is an hour long, so if you don't have time to listen to it, here's the point of this blog.
The Forrester analyst, Paul Stamp, describes a recent spear phishing attack on a medium-sized enterprise. The enterprise had issued a press release announcing the hire of a new COO. A few days later, the new COO received an email purportedly from the firm that handles the enterprise's travel bookings, asking him to click on a link and confirm that his details were accurate.
The executive did, and ended up at an official-looking website for the travel agency. There he found that the agency already had all his personal details in its database, so everything looked legitimate. He was then asked to download software that would link his Outlook email to the travel agency's booking systems. The COO did this. Unbeknownst to him, he was actually downloading trojan horse malware, which then spread rapidly through his new enterprise.
What can we learn from the above story?
1. This was a medium-sized enterprise, not a large bank. Criminals target enterprises wherever they think they can make a buck. So, if you're not a large company, don't assume you won't be targeted.
2. The criminals used public information to construct the attack quickly. They used the press release to get wind of a new hire. They then obtained the new hire's email address. Finally, they put together a database on the victim from publicly available information.
3. The attacks are very sophisticated. This isn't something a lone "hacker" or "script kiddie" puts together; it's done by organized crime. They have the talent to construct the emails, the trojan malware and the fake websites. They do their homework. They use employees only as a vector into the enterprise. THEY'RE SMART.
Most major analysts forecast that this type of attack will increase over the next year. Relying on your perimeter alone to bail you out of these situations won't work. You need multiple layers of identity-based strong authentication defense behind the firewall to contain the damage when these attacks occur.
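The attack above hinged on three things a mail gateway or triage script can look for: a sender domain that only resembles a real vendor, links that don't match the sender, and a link that offers an executable to install. The following is an added example of such a heuristic check, not code from the webinar or from Forrester or Finjan; the vendor domain list, the sample email, the scoring weights and the escalation threshold are all constructed for illustration.

```python
"""Heuristic triage of an inbound email for spear-phishing indicators.

Added example; not from the webinar or the original post. The vendor
domain list, the sample email and the scoring threshold are constructed.
"""
import re
from typing import Optional
from urllib.parse import urlparse

# Constructed: domains the enterprise genuinely does business with.
KNOWN_VENDOR_DOMAINS = {"example-travel.com"}

# Constructed: download types treated as high risk when linked from mail.
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".zip")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (e.g. a '1' for an 'l')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude last-two-labels domain; assumes no multi-label public suffix."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def lookalike_of(domain: str, known: set) -> Optional[str]:
    """Return the known vendor domain this one closely resembles, if any."""
    for k in known:
        if domain != k and edit_distance(domain, k) <= 2:
            return k
    return None


def triage(sender: str, body: str, known=KNOWN_VENDOR_DOMAINS) -> dict:
    """Score one email; 'escalate' is True when two or more indicators fire."""
    findings = []
    sender_domain = registrable_domain(sender.split("@")[-1])

    # Indicator 1: the sender is not a known vendor, or merely resembles one.
    if sender_domain not in known:
        near = lookalike_of(sender_domain, known)
        if near:
            findings.append(f"sender domain {sender_domain} resembles known vendor {near}")
        else:
            findings.append(f"sender domain {sender_domain} is not a known vendor")

    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        link_domain = registrable_domain(parsed.hostname or "")
        # Indicator 2: a link that points somewhere other than the sender's domain.
        if link_domain != sender_domain:
            findings.append(f"link to {link_domain} does not match sender domain {sender_domain}")
            near = lookalike_of(link_domain, known)
            if near:
                findings.append(f"link domain {link_domain} resembles known vendor {near}")
        # Indicator 3: the link hands the user an executable to install.
        if parsed.path.lower().endswith(EXECUTABLE_EXTENSIONS):
            findings.append(f"link offers an executable download: {parsed.path}")

    return {"score": len(findings), "findings": findings, "escalate": len(findings) >= 2}


# Constructed sample modelled on the story above: lookalike vendor domain,
# a "confirm your details" link and an "Outlook integration" download.
SAMPLE_SENDER = "bookings@examp1e-travel.com"
SAMPLE_BODY = (
    "Please confirm your details at http://examp1e-travel.com/verify and "
    "install our Outlook link from http://examp1e-travel.com/downloads/outlook-link.exe"
)

if __name__ == "__main__":
    result = triage(SAMPLE_SENDER, SAMPLE_BODY)
    for f in result["findings"]:
        print("-", f)
    print("escalate:", result["escalate"])
```

On the constructed sample the script raises two findings (the lookalike sender domain and the executable download) and escalates; a genuine itinerary mail from the real vendor domain with a link to that same domain scores zero. This is deliberately a coarse first-pass filter for the mail gateway or SOC, one layer among the several the post calls for, not a replacement for them.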