Despite the many security defenses aimed at protecting email communications, email continues to be a critical vulnerability for enterprises.
Between Q1 2012 and Q2 2012 alone, FireEye reported a 56% increase in the amount of malicious emails—and this wasn’t simply an increase in the total number of emails distributed; it was an increase in the number of emails that were able to bypass signature- and reputation-based security defenses, like next-generation firewalls, intrusion prevention systems (IPS), anti-virus (AV), and secure gateways. This means that, while more and more malicious emails are outsmarting traditional security technology, more and more are making their way to your inbox.
In a new report from FireEye, FireEye researchers analyze the nature of malicious files cybercriminals distribute in order to bypass traditional security defenses and identify several trends—including the most common words in file names and file extensions used in spear phishing attacks.
Among these trends, in particular, FireEye researchers found:
- File names relating to shipping grew from 19.20% to 26.35%.
- Number of files referencing words associated with urgency grew from 1.72% to 10.68%.
- Shipping-related words topped the lists of most frequently appearing words in spear phishing emails for both 2H 2011 and 1H 2012.
In the security community, we’re more than familiar with the consequences stemming from these kinds of advanced cyber attacks—GhostNet, Night Dragon, Operation Aurora, and the RSA breach all originated, at least in part, via targeted spear phishing emails. These highly publicized incidents only further indicate what cybercriminals already well know and use to their advantage: email is a mode of attack that works.
This report provides important insight into the nature of advanced malware and the tactics used by cybercriminals so that security teams and users can better understand today’s advanced cyber threats and how they can avoid becoming a spear phishing victim.
To see the full list of top file names, categories, and extensions used in spear phishing attacks, download the report “Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data.”
