Spear Phishing Getting Personal
There is a new type of targeted phishing attack that has had quite a bit of success lately. Its called “spear phishing.” Spear Phishing is a targeted attack against a single organization in which falsified or spoofed emails are sent to the organization’s user base asking them to click on a link. This is different from the standard practice of spamming large groups of people in hopes that some suckers will fall for the trap.
In many successful cases, the attackers use news about changes in health care benefits, raffles for prizes or even donations for a newborn baby to lure employees to a website that will install malware. Once this malware is installed, the attacker can worm into an organization through the backdoor, or install keystroke loggers to steal passwords to the critical infrastructure.
There was a huge spate of this going on nationwide a few weeks ago when the VML 0-day vulnerability was used to install drive by downloads.
Now comes a report that Dekalb Medical Center employees were lured to a site. Hat tip to slashdot. From Network World here:
Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read Urgent employment issue, and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information.
And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site.
Called targeted spam or spear phishing, this type of spam that s currently on the rise is particularly vexing because the spammer is able to spoof the sending e-mail address to make it look like it s coming from within the organization of the recipient, making it difficult for spam filters to catch. And, unlike traditional spam that is sent in the thousands, spammers are sending just handfuls of these messages at a time, again making it difficult for antispam technology to detect.
The IT department at the medical center found out about the scam when an employee in the HR department, who had received a frantic call from one of the scam s recipients, called the company s CIO. The first thing the IT department did was to set its Web filtering software to block all users from visiting the site linked to in the spam, says Finney.
This particular instance was a botched attack against Dekalb. The attackers chose a ludicrous and unbelievable way to trick users to click on their website, which is the threat of job termination. Had this attack been more subtle, such as updating the number of dependents for tax purposes, this may have gone unreported.
