Home Business NewsTech News Inside the mind of a cybercriminal: protect against spear phishing

Inside the mind of a cybercriminal: protect against spear phishing

by LLB Editor
15th Jul 12 8:05 pm

It’s one of the most lethal cyberattack threats your business faces – find out how it works and how to prevent it

The past decade has seen cybercrime become increasingly sophisticated. No longer does it stem from opportunistic teenagers sending nuisance viruses from their bedrooms – it is now a $388 billion industry where financially and politically motivated hackers dupe highly targeted victims into parting with lucrative information.

To put the scale of today’s cybercriminal activity into context, there are currently more than 270 million unique types of malware that have already been identified, with 60,000 new pieces created each day. The increase in the amount of malicious code, and the rapidly evolving profile of a cybercriminal, has subsequently transformed cybercrime into a highly powerful and global industry.

Judging by the recent spate of high profile security breaches, it is clear that attacks are becoming increasingly complex and, as a result, hard to combat. Initially focused on low value targets, it didn’t take long for cybercriminals to realise that, by raising the stakes, they could potentially obtain significant sums of money. Stealing credit card and banking information was once widespread, yet the sheer volume of these details on the black market has greatly reduced its profitability.

Take the recent Sony attack, for example. It was one of the most high profile attacks last year, with the credit card details of 77 million customers stolen. But due to the large quantity of data released, the value was driven down to just a few pence.

In light of this, cybercriminals are increasingly targeting more lucrative victims and high value organisations, as well as relying more heavily on psychological techniques to gain access to confidential data.

Spear phishing

A good demonstration of this is the rise of social engineering and “spear phishing”. Cybercriminals are progressively focusing on communicating with, and persuading, individuals within an organisation to download malware-laced attachments, click on an infected links, or voluntarily provide valuable information. Designed to appear highly personalised and credible, these attacks are extremely easy to fall for.

Spear phishing attempts are made even easier with the vast amount (and wide availability) of information being placed on the internet. Users are continuing to trust social networking sites such as Facebook, LinkedIn and Twitter with swathes of personal and sensitive information − including where they live, what they do for a living, their date of birth and hobbies. With almost 800 million Facebook and 130 million LinkedIn users, this type of information can easily be harvested by cybercriminals without any technical knowhow and with very little effort. In other words, individuals are effectively facilitating the growth of these security attacks themselves.

Prevention vs cure

Education, or ‘common sense’ defence, is a key component in combating these attacks. In addition to ensuring they have sufficient security practices in place, it is essential that people understand the thought processes of those wishing to violate personal information. In other words, we must get inside the mind of a cybercriminal.

By exploiting basic human weaknesses and utilising their victims’ psychology, cybercriminals are able to manipulate individuals into unwittingly parting with personal and highly confidential information.

Therefore, once people recognise the signs, and understand what to look out for, they are already well protected from these threats. Spear phishing is simply a 21st Century equivalent of traditional, non-technological tricks such as pick-pocketing. So the smarter and more street-wise the user is, the less likely they are to fall victim.

At the same time, while users can learn to be more vigilant, the fact of the matter is that it only takes one person to unknowingly click a malicious link or download an infected attachment for an entire organisation to be at risk of suffering major reputational and financial loss. With more advanced, targeted cyber-attacks and new malicious code constantly being created, it is clear that education is not a sole solution. Organisations need to ensure that they also have a bulletproof endpoint security strategy in place.

How to protect your business

The concept of layered protection is fairly well known, yet many organisations fail to consider a crucial layer of defence – application control. If businesses control exactly which programs employees are allowed to run on work computers, it provides greater reassurance that unknown malware and viruses will not infiltrate the network. Crucially, this means that any new or mutating viruses that would normally bypass typical antivirus protection are thwarted by this second line of defence.

The ever-evolving threat landscape makes it an appropriate time for individuals and organisations to conduct a serious assessment of their current security practices. While awareness and understanding minimises the risk of falling victim to an attack, only a layered security strategy that utilises application control solutions will provide the ultimate safety net should this occur.

Bimal Parmar is the VP Marketing at Faronics

Leave a Commment


Sign up to our daily news alerts

[ms-form id=1]