Proofpoint: Security, Compliance and the Cloud

June 12, 2009

Malware Attacks Target Executives: Forbes on Spear Phishing and Whaling Attacks

Interesting article that includes our friend Patrik Runald from F-Secure over at Forbes.com today. In "Cybercrime's Executive Focus," Forbes tech reporter Andy Greenberg reports on the continuing trend toward highly targeted malware attacks that are designed to breach a specific company or even a single executive. Such spear phishing or "whaling" (as in, "going after a big one" - i.e., an executive) attacks are nothing new, but there's some interesting detail in this article. For example:

"In fact, the prevalence of such targeted e-mail attacks isn't easy to track, given that many victims aren't aware they've been breached, and those who are often don't report the intrusion. But in the process of filtering malware, F-Secure counted 663 targeted attack samples in the first three and a half months of 2009. That's approximately on track with 2008, when the company identified 1,968 targeted attacks over the course of the year."

Check out the entire article here:

http://www.forbes.com/2009/06/11/security-cybercrime-executives-intelligent-technology-security.html

Here at Proofpoint, we continue to see hyper-personalization of spam and malware attacks as a continuing trend as well. Researchers in the Proofpoint Attack Response Center recently pointed out a very targeted spam message (pointing to malware, of course) that one researcher had received which seemed to be customized based on a public message board posting he had made.

As is the case for standard spam messages, which almost always include some sort of "mass customization" -- whether it's individualized hash-busting text or individually randomized image-based spam -- I suspect that the massive compute power of botnets is once again at work here (allowing for the automated scouring of message boards and the sending of individualized, targeted spam messages that stand a higher chance of getting opened since they have some relevance to the actual recipient).

For a good primer on spear phishing and whaling attacks, see this still very relevant Dark Reading article from early in 2008 where Proofpoint's Andres Kohn discusses some early examples of highly customized spam:

Dark Reading: Researchers, Vendors Gear Up for Whaling Attacks

Posted by Keith R. Crosley at 12:44 PM
Email Security

Technorati Tags: , , , , , , , , , , ,

Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a010535f33a5b970c011571000c98970b

Listed below are links to weblogs that reference Malware Attacks Target Executives: Forbes on Spear Phishing and Whaling Attacks:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Archives

Blog Search

Email Security Gateways, 2011

Magic Quadrant

Recent Posts

Blogroll

Tweets

Follow us @Proofpoint_Inc »

What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption