'Spear phishing' aimed at businesses on the rise

Cybercriminals are apparently tired of going "phishing" these days.

According to a recent report on spam in the enterprise by IT security firm Trend Micro, "spear phishing" is the new sophisticated method being employed by spammers to lure their victims into giving up personal information.

"Spear phishing," much like its namesake, means targeting the spam attack on a specific victim, which could be a high-ranking government official or the top executive in a certain business organization.

"A typical spear-phishing attack initially involves conducting research on who to specifically send a phishing email to in order to gain access to data that phishers normally steal," the Trend Micro report said.

One of the more recent victims of a spear phishing attacks is security firm RSA, Trend Micro said, which in April suffered a breach that led to other attacks against the company's clients, including the International Monetary Fund.

Using an email message deceptively titled "2011 Recruitment Plan" sent to two employee groups within RSA, cybercriminals were reportedly able to trick one of the employees into opening the attached Excel file, which installed a backdoor program to the company's network.

Trend Micro said these targeted spam attacks act as gateways to other larger cyber attacks against the organization, as cyber thieves persist on preying on the weakest link in the organization—the end users.

"In several instances, spear phishing can even be the first point of contact to launch a highly targeted attack wherein threat actors aggressively pursue specific targets, often through the use of social engineering, in order to maintain persistent control inside a network so as to extract sensitive information and to gain access to internal company networks," the report added.

The same report highlighted that spammers are also moving into new fields of operations, such as in the widely popular social networking sites where millions of Internet users log on every day.

"Businesses that use social media platforms can come in contact with Web threats while using social networking sites for marketing and promotion," it said. "These may also cause system infections through employees who access sites such as Facebook and Twitter at work, presenting threats such as data loss or personal information theft."

With its rising popularity, Trend Micro said scams sent out through these social networking sites will only rise over the next several years.

On a more general view, however, the report indicated that spam levels across the world have been declining over the years, following the takedown of notorious spambot Rustock in late 2010.

Data from the company shows that after the Rustock takedown, spam levels went down from about 90 percent in January to about 30 percent in June, falling by about 40 percent during the period.

"Our researchers believe this could be attributed to the Rustock takedown. They developed a signature to identify spam originating from the botnet and found that in an hour after its takedown, the amount of traffic matching Rustock’s signature dropped by 99.97 percent," Trend Micro explained.

Among all the spam messages sent worldwide, the report found that Russian messages topped the list non-English spam languages during the first half of the year, with Russia—along with India—topping the list of spam-sending countries, at 8 percent of the global percentage.

While spam messages are still largely sent without attachment, the report noted that in mid-August, spam with malicious attachments spiked by 36.5 percent, from only 2.14 percent in July.

"Apart from .JPG and .GIF image file attachments, spam can also carry Microsoft Word (.DOC) and Excel (.XLS) files as attachment. Sending .DOC and .XLS files as attachment gives spam, especially those supposedly from banks or legitimate service providers, greater credibility. Opening these attachments can lead to vulnerability exploitation in popular software like Microsoft Word or Excel, which exposes users to even more risks," the report warned. — TJD, GMA News