Phishing attacks are becoming increasingly cunning and more targeted
Although that might sound like such an insignificant amount, some spam campaigns can deliver more than 250,000 emails every hour.
In the past, most phishing attempts appeared lame at best and were obvious to most, with grammatical errors and spelling mistakes that made them easy to identify as malicious. Now, according to Michael Cryer, a consulting systems engineer, scammers have changed their M.O.
“In a lot of cases, it’s almost down to a one-to-one kind of design, to make sure it has a higher potential for success,” Cryer said.
“It tends to be a specific individual, or a small group of individuals.”
But going even further than that, Cryer said that there was a new form of phishing technique the company has dubbed the “watering hole” scam, where attackers look for sites that employees might visit as part of their daily business, then compromise those sites to take advantage of the inherent trust the target may have.
By compromising a site that the user trusts, attackers have a number of options open to them, such as directly dropping payloads onto a vulnerable target’s computer, which eliminates the need to first send suspicious emails.
However, emails are still an option that is open to attackers, and according to the company, phishing emails even have timed delivery patterns, designed to evade scanners.
According to Cryer, many attackers will send their emails on a Friday, knowing that they are unlikely to be read until Monday morning. Although the content of the phishing email will link to a third-party server that has been compromised by the attacker, no malicious content will be uploaded until the weekend.
What this does is fool any anti-phishing software that attempts to verify that the links are safe when the email is delivered, because at the time of scan, there will be no suspicious content. But by Monday, when the attacker’s payload has actually been uploaded, the situation has changed, and the email that was previously marked as safe is now pointing to dangerous content.
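The gap described above can be closed by re-checking a link when it is clicked instead of trusting the verdict recorded at delivery. The following is an added example, not code from the article or the company it quotes; the URL, the marker string, the timeline and all function names are constructed for illustration.

```python
import hashlib
from datetime import datetime

# Constructed timeline for one linked URL: (time content went live, body).
# The marker string stands in for whatever a real scanner would flag.
TIMELINE = [
    (datetime(2024, 1, 5, 9, 0), b"<html>Site under maintenance</html>"),
    (datetime(2024, 1, 6, 23, 0), b"<html>TEST-MALICIOUS-MARKER</html>"),
]
URL = "http://compromised.example/invoice"  # placeholder host

def fetch(url, now):
    """Simulated fetch: return the body that was live at time `now`."""
    live = [body for since, body in TIMELINE if since <= now]
    return live[-1] if live else b""

def scan(body):
    """Toy content scanner: flags the constructed marker only."""
    return "malicious" if b"TEST-MALICIOUS-MARKER" in body else "clean"

class LinkChecker:
    def __init__(self):
        self.seen = {}  # url -> (sha256 of body, verdict, time of scan)

    def scan_at_delivery(self, url, now):
        body = fetch(url, now)
        verdict = scan(body)
        self.seen[url] = (hashlib.sha256(body).hexdigest(), verdict, now)
        return verdict

    def check_at_click(self, url, now):
        """Re-fetch at click time; never reuse the delivery-time verdict."""
        body = fetch(url, now)
        digest = hashlib.sha256(body).hexdigest()
        old_digest, old_verdict, _ = self.seen.get(url, (None, None, None))
        verdict = scan(body)
        self.seen[url] = (digest, verdict, now)
        changed = old_digest is not None and digest != old_digest
        return {"verdict": verdict, "changed_since_delivery": changed,
                "delivery_verdict": old_verdict}

def demo():
    checker = LinkChecker()
    friday = checker.scan_at_delivery(URL, datetime(2024, 1, 5, 17, 0))
    monday = checker.check_at_click(URL, datetime(2024, 1, 8, 9, 0))
    return friday, monday

if __name__ == "__main__":
    print(demo())
```

The `changed_since_delivery` flag is useful on its own as a detection signal: a linked page whose content hash changes between a Friday delivery and a Monday click deserves a second look even when the new content scans clean.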