Spear phishing: Don't be a target

Please let others know how useful this tip is via the rating scale at the end of it. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our tip contest and you could win a prize.

While this attack sounds fictitious, it already happened. In May 2005, the press exposed a scandal in Israel in which large, well-known companies used Trojan horse programs to spy on their competitors. Unfortunate as it was, this incident gives security professionals a window into a new, more dangerous type of cybercrime known as the targeted attack. Using techniques that phishers have adapted to steal relatively low-value information, such as usernames and passwords from individuals, these new, more sophisticated attackers seek out high-value information, such as confidential documents, and usernames and passwords for internal systems. Some industry pundits have coined this technique "spear phishing."

Spear phishers target companies of all types and sizes. However, because news stories and press releases usually divulge detailed information that can be used to craft a convincing e-mail, companies with a major news presence may be most at risk. On the contrary, it is important to remember that in this age of Google, spear phishers can easily find enough information to craft a convincing come-on.

Less-sophisticated spear phishers often use ready-made Trojan programs to launch their attacks. Organizations with robust, multi-level AV and antispyware defenses (at the perimeter and the desktop) will be able to deflect these targeted "spears." Serious spear phishers, on the other hand, are harder to stop. They typically use spyware to solicit a targeted attack and customized spears that do not trigger perimeter and desktop alarms. Unfortunately, we should expect to see an increase in these attacks because toolkits have made the production of customized Trojans easier and as a result, cheaper.

So, what's an information security practitioner to do? Here are three steps you can use to reduce spear phishing attacks:

1. Establish an awareness program to educate executives and employees about the existence and possible consequences of a targeted attack. These attacks rely on human factors to initially penetrate networks and systems; therefore education is perhaps the single most important and effective step an information security department can take to protect their enterprise.

2. Have a response plan. Your users should have a clear idea of what to do when they receive a suspicious e-mail or other computer media. They should know to never click on or load onto their computers anything that doesn't look right, and to contact your company's help desk to report the material. Once the suspect material is reported, quickly find out if anyone else received copies and whether they have opened them. If so, this is the time to activate your company's incident response plan because sensitive information may already be compromised.

3. Keep records. If you receive what appears to be a "spear phishing" attempt via snail mail, keep all of the packaging it arrived in. Place all materials into a plastic bag, seal it and document everyone that you know has handled it. Maintaining the chain of custody will help law enforcement official do their job if called upon later. In the case of e-mails, make paper copies that have complete sets of headers and store electronic copies on permanent media such as CD-ROM.

In the 1930s, a newspaper asked John Dillinger why he kept robbing banks. "Because that's where the money is," the outlaw replied. Today's outlaws have realized that money is found in the computers of corporate executives. Spear phishing is their weapon and infosec practitioners need to be prepared to handle these targeted attacks.

About the author: Al Berg, CISSP, CISM is the Director of Information Security for Liquidnet (www.liquidnet.com). Liquidnet is the leading electronic venue for institutional block equities trading. According to INC. magazine in 2004, Liquidnet was the fastest growing privately held financial services company in the US and the 4th fastest growing privately held company in the US across all industries.

This tip originally appeared on SearchSecurity.com.

Do you have comments on this tip? Let us know.

Reference Center: Antiphishing news, tips and resources

---

Rate this Tip To rate tips, you must be a member of SearchDomino.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Lotus Notes Domino Antispam Software and Spam Filtering LotusScript agent moves tagged spam email to junk mail folder Limit the size of incoming email attachments to a Lotus Domino server Stop spam on BlackBerry mobile devices Online crime as ugly as ever Putting a stop to incoming spam on Lotus Notes 6.5 Image-based spam scams on the rise Image spam paints a troubling picture McAfee products vulnerable to code execution flaw A recipe for secure IM success How to protect Lotus Domino Server from spam blacklists Lotus Notes Domino Phishing and Email Fraud Protection Phishing protection primer for Lotus Notes and Domino New tools fight fraud and phishing Hooked: Phishing is luring more and more of your customers Fight spear phishing Phishing: A whale of a problem for enterprises Three ways phishers are hooking you New phishing threat outpaces Netsky-P Phishing secrets revealed PhishTank casts its net for malicious email SMS phishing is here Spam and Security Securely connect Lotus Domino servers on different domains Protect Lotus Notes from malicious code with the Domino ECL How to correct Lotus Notes public key mismatches in four easy steps A recipe for secure IM success Telecommuter security kit FAQ: Lotus Notes Domino password issues Security awareness training: How to educate employees about spyware Seven tips to strengthen your Domino e-mail security Admin2005 preview: Tips, techniques, and a look at Notes/Domino Rel. 7 Notes/Domino Security, An Administrator's Guide: book review RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.