Targeted Spear Phishing Attacks and ‘Watering Holes’

Targeted spear-phishing attacks are going after not just individuals but entire websites that function as “watering holes” for groups of people with focused interests, according to security company Websense.

“Spear-phishing is most associated with targeted attacks, typically via malware-loaded email, intended to take over an individual’s computer to spy or steal something important from the victim. But a more recent trend in spear-phishing is the targeting of entire websites in order to have a crack at a community of individuals whose computers you’d like to compromise”, says Chris Astacio, security research manager at Websense.

Websense research found that the majority of phishing attacks are sent on Mondays and Fridays.

Top phishing days of the week (percentage, based on July-August 2012 research):

Friday (38.5%)

Monday (30%)

Sunday (10.9%)

Thursday (6.5%)

Tuesday (5.8%)

Wednesday (5.2%)

Saturday (3.2%)

In an interview with PC Magazine, Carl Leonard, senior security research manager, EMEA at Websense, said that spear phishing is not about sending 500,000 malicious emails in the hope that ten per cent of recipients will click on them; rather, it is targeted and dependent on timing.

Leonard went on to say: “The attacker doesn’t do any emails at all; they are waiting like an alligator to jump out. We see this being used in the last six months and it is efficient to me, as people can be targeted with spear phishing messages and social engineering techniques are used in these ‘watering hole’ attacks. The user sees something and thinks it is for them and clicks on it.”

New phishing attacks are more targeted and contain information that makes the recipient believe the information is legitimate. There is invariably a specific intention in mind.

In this “watering hole” attack, the goal is to compromise a website to understand who visits it and why, and to place malware on it to try to target these visitors, Astacio says. For the attackers, “the idea is that they lie in wait,” he says, watching what individuals do in order to target them.