Think your company’s employees are savvy enough not to fall for phishing attacks? Well, think again. According to FireEye’s Advanced Threat Report, email-based attacks increased 56 percent in the first six months of 2012. Email-based advanced cyber attacks easily bypassed traditional signature-based security defenses, preying on naive users to install malicious files. Ashar Aziz, founder and CEO of FireEye, said in a release:
“Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spearphishing emails are on the rise because they work. Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defenses.”
FireEye may have come up with that additional layer. The company compiled a list of the top words used in successful spear-phishing attacks geared toward corporate networks. The report is, not surprisingly, titled “Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data” and identifies the social engineering techniques cybercriminals use in email-based advanced cyber attacks. According to the report, the top words cybercriminals use create a sense of urgency to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping. The report pointed out that express shipping terms, including “DHL,” “UPS” and “delivery,” are included in about one quarter of attacks. Urgent terms such as “notification” and “alert” are included in about 10 percent of attacks. An example of a malicious attachment name is “UPS-Delivery-Confirmation-Alert_April-2012.zip”.
Finance, travel and billing words are popular, too.
What a great idea to pull this together. Anyone who has gotten — and actually looked at — enough spam can figure out a bit of a pattern to phishing attacks. For instance, I’ll get an unusually high number of emails alerting me to problems in a package delivery in one month and the next month, I’ll get a ton of emails telling me that friends and family are sending me e-cards. (Right now, I’m getting a slew of LinkedIn alerts, all of which have some kind of code words or phrases.)
Having a solid working list of code words helps security folks set up filters to send these phishing messages directly to spam. The words in the report can also be easily shared with employees who now have something to check against if they are unsure of the validity of an email.
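A filter of the kind described above, as an added example (not code from FireEye or the report): it checks the subject and attachment names against only the terms quoted in this article. The function names, the verdict labels and the choice to quarantine only when a term coincides with a .zip attachment are assumptions.

```python
import re
from email.message import EmailMessage

# Only the terms quoted in the article; the report's full list is not reproduced.
CATEGORIES = {
    "shipping": {"dhl", "ups", "delivery"},
    "urgency": {"notification", "alert"},
}
ARCHIVE_EXTS = (".zip",)  # assumption: based on the article's sample attachment


def tokens(text):
    """Split on non-alphanumerics: 'UPS-Delivery' yields 'ups', 'groups' does not."""
    return {t for t in re.split(r"[^a-z0-9]+", text.lower()) if t}


def classify(msg):
    """Match subject and attachment names against the term categories."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    hits = {}
    for value in [msg.get("Subject", "")] + names:
        for cat, terms in CATEGORIES.items():
            matched = tokens(value) & terms
            if matched:
                hits.setdefault(cat, set()).update(matched)
    archive = any(n.lower().endswith(ARCHIVE_EXTS) for n in names)
    # Lure terms also appear in legitimate mail, so terms alone only tag the
    # message for review; terms plus an archive attachment go to quarantine.
    verdict = "quarantine" if hits and archive else "review" if hits else "deliver"
    return {"verdict": verdict, "categories": {c: sorted(t) for c, t in hits.items()}}


def build_sample(subject, attachment=None):
    """Constructed test message; the attachment body is placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("See attached.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m


if __name__ == "__main__":
    lure = build_sample("Package status",
                        "UPS-Delivery-Confirmation-Alert_April-2012.zip")
    print(classify(lure))
    print(classify(build_sample("Notes from the groups meeting")))
```

Matching whole tokens rather than substrings keeps a short term such as “UPS” from firing on ordinary words, which matters once the list is shared with employees as a checklist.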
I’m kind of surprised that I haven’t seen anything like this sooner. It is so simplistic an idea, yet so valuable in providing an extra layer of protection to the network.