Targeted Spear Phishing Attacks and ‘Watering Holes’

Targeted spear-phishing attacks are going after not just individuals but entire websites that function as “watering holes” for groups of people with focused interests, according to security company Websense.

“Spear-phishing is most associated with targeted attacks, typically via malware-loaded email, intended to take over an individual’s computer to spy or steal something important from the victim. But a more recent trend in spear-phishing is the targeting of entire websites in order to have a crack at a community of individuals whose computers you’d like to compromise”, says Chris Astacio, security research manager at Websense.

Websense research found that the majority of phishing attacks are sent on Mondays and Fridays.

Top phishing days of the week (percentage), based on July-August 2012 research:

  • Friday (38.5%)
  • Monday (30%)
  • Sunday (10.9%)
  • Thursday (6.5%)
  • Tuesday (5.8%)
  • Wednesday (5.2%)
  • Saturday (3.2%)

In an interview with PC Magazine, Carl Leonard, senior security research manager, EMEA at Websense, said that spear phishing is not about sending 500,000 malicious emails in the hope that ten per cent of recipients will click on them; it is targeted and dependent on timing.

Leonard went on to say: “The attacker doesn’t do any emails at all; they are waiting like an alligator to jump out. We see this being used in the last six months and it is efficient to me, as people can be targeted with spear phishing messages and social engineering techniques are used in these ‘watering hole’ attacks. The user sees something and thinks it is for them and clicks on it.”

New phishing attacks are more targeted and contain information that makes the recipient believe the information is legitimate. There is invariably a specific intention in mind.

In this “watering hole” attack, the goal is to compromise a website to understand who visits it and why, and place Malware on it to try and target these visitors, Astacio says. For the attackers, “the idea is that they lie in wait,” he says, watching what individuals do in order to target them.


First IBM PC

1981 - IBM 5150 PC

I recently came across an article that was reflecting on the very first IBM PC and thought that it might be of interest. If IBM had never developed the Personal Computer and we had continued to work with mainframes, would we be experiencing the current Phishing and Malware attacks today? We can never answer this question, but I am sure that the cyber-criminals would still be trying to “steal” our personal information in some form or another.

Here is some text from the original article:

“The system has much to commend it, both for serious and fun applications, since it can grow from a fairly expensive cassette-based configuration to a full-blown twin disk/colour graphics machine that offers the competition a fair run for its money. It almost goes without saying that the computer is well made, keeping up IBM’s legendary reputation for quality.”

IBM kept their plans to launch a personal computer very quiet and swore key people and companies to secrecy. Microsoft were very involved from the very beginning and initially the PC was only sold in the US. At the time IBM were not able to comment on whether or not the PC would be sold in Britain.

IBM also mentioned that “the whole design is very pleasing and all the parts clearly belong together. Everything is designed with a first-time user in mind. IBM has gone overboard to make the system as easy as possible to configure and use.”

The author made some final comments mentioning that this was probably the most professionally put-together system that they had ever seen. The only thing that they felt was missing was a wide selection of packages, but they felt that the whole world and its grandmother would be frantically trying to fill that gap.

We have certainly come a long way since 1981 what with Smart Phones and Tablets being all the current rage and we are more and more reliant on these products for our day to day lives.

Malware Threats on the Rise

The Juniper “2011 Mobile Threats Report” uncovered more than 28,000 pieces of Malware last year, which equated to a rise of 155 percent from 2010. The most popular target for these Malware threats was the Android operating system. Juniper’s figures excluded any Malware samples for iOS (Apple). This is not to say that none exists, but Apple does not release such data or allow access to this information.

Prior to 2011, most mobile Malware was targeted at Nokia’s Symbian and Java ME, which runs on feature phones. Juniper has since noticed a huge shift towards Android. There was an increase of 3,325 percent in Malware aimed at Google Mobile Operating Systems from 400 in June 2011 to 13,000 by the end of 2011. This is possibly due to Android’s leading market share and the lack of control over the apps found in Android app stores that have attracted more Malware writers.

Juniper uncovered a large number of malicious apps from third-party Android app stores which are not protected by Google’s new Bouncer service, a tool that can scan Android market for potentially malicious software without disrupting the user experience of Android market.

“Many device manufacturers build customised versions of the Android operating system and as a result, certain devices do not receive – or must wait months to receive – security updates,” Juniper said. “This means that even patched security vulnerabilities and new security features may not get published to all devices, making them less secure and more vulnerable to Malware.”

Google was kept quite busy last year removing Malware from Android market and from mobile devices, especially as the bad guys became more sophisticated. The company has tried to keep up by jettisoning the malicious apps as quickly as possible. But the discovery process can sometimes take days, Juniper noted, leaving more than enough time for the payload to infect smartphones and tablets.

Malware Mobile Threats

There have been over 1,000 instances of Android Malware found in 2011 and the rate of growth has almost doubled since July 2011. Smartphones are increasingly becoming targets for malicious hackers because they are filled with rich data, tied to payments processing services and typically have less security than a personal computer. You thought that 2011 was the Year of Mobile Malware? Wait until you see 2012.

Mobile security firm Lookout breaks Mobile Malware into two driving factors:

  • Profit from infection: how much money can the Malware industry extract from infected devices.
  • Cost of infection: how easy is it to distribute Malware.

The second factor informs the first. Malware makers, Mobile or otherwise, want to find the easiest route to your wallet. The easier it is to do, the more they will produce. The path of least resistance to rich data that can be monetized or exploited

Lookout’s predictions fall within these two camps:

Profit From Infection

Mobile Pickpocketing (SMS/call fraud) – The recent trend has been to lure users into applications that will charge money through text messaging and calling of premium services. GGTracker was one of the first to surface in June 2011. The most recent attack was called RuFraud. As SMS Malware is the easiest tie-in to payments infrastructure, Lookout expects to see this trend grow in 2012.

Botnets Come to Life – The first example we saw of Malware makers trying to create Mobile Botnets was with the DroidDream attack that launched the year of Mobile Malware in January and February. Lookout says that 10 families of Botnet-like systems were discovered in 2011, with that number expected to grow in 2012.

Vulnerable Smart Devices – Lookout says that nearly every Android Smartphone available in the wild has some kind of security hole in it. Knowing that security holes exist everywhere is a reminder to keep yourself safe.

Cost of Infection

Automated Repackaging – Piracy is a problem for Mobile application developers, especially on Android. The recent RuFraud applications were an example of repackaged games loaded with Malware.

Malvertising – Malvertising has been one of the banes of the web for years and it is starting to go Mobile. Malvertising is when genuine-looking advertisements link back to fraudulent sites that can load Malware onto a device. It has long proven a decent attack vector for Malware makers and Lookout expects it will increase on Mobile in 2012.

Browser Attacks – Web applications or Native applications? You know what? Malware makers are asking the same questions because they are looking for where the users are. HTML5 will increase the amount of browser-based applications and activity on Mobile devices, and with that there will be a corresponding increase in Mobile browser Malware. While Android is often thought of as the most susceptible to Malware, a browser knows no limits.


Why Protect Your Data

Because of the astronomical rise of Cybercrime (worth $40b annually) – and because conventional desktop security can no longer effectively protect PCs. This means that complacency in the business arena is no longer a viable option. These online cyber criminals are constantly developing new ways to make money. Business as usual is constantly under threat as there are big incentives for these criminals to continuously find ways to avoid security protection.

Cyber criminals use infected computers to generate income in many ways. One of the simplest is through advertising. In the same way that legal sites generate income by displaying ads, malware can display ads that result in payment to cyber criminals.

Criminals also gather valuable user information from infected computers such as key personal information pertaining to online banking. This is one of the most sophisticated and stealthy forms of malware.

The online criminals are then in a position to use this personal information for their own illegal use or to sell it to a third party who will use this information to make a profit.