A Whale of a Problem

Carl Weinschenk

Carl Weinschenk spoke with Adam O'Donnell, director of emerging technologies at Cloudmark.


Weinschenk: What is whaling?
O'Donnell: I define whaling as being narrow attacks which are highly targeted against highly valuable targets. With any form of phishing, the more you know about the target, the better off from a results standpoint. If you are able to get a list of all of a bank's customers, you only go phishing after that brand. It's not that there is such a [high] volume of attacks, but the total cost or effort is very significant. There are [whaling exploits] targeting the U.S. government and military and intelligence services. I wouldn't be surprised if there has been industrial espionage and others forms of espionage. From a standpoint of remediation and prevention, it is a huge issue. From the volume perspective, it is difficult to know.


Weinschenk: Can you give an example of a whaling exploit?
O'Donnell: The stereotypical example that gathered the most attention is e-mail going to an executive of privately held firms purporting to be from the Better Business Bureau and to be about an investigation. The statement of the investigation has a .zip file at the end of the e-mail that contains a piece of malware.


Weinschenk: How big a problem is it?
O'Donnell: It's becoming a big problem that is difficult to remediate and difficult to prevent. If it's a larger type of attack, spam filters and other technologies will be able to take care of it. If it targets one or several people and is heavily researched and addresses victims by career or projects that he or she worked on, it is likely to look like a legitimate e-mail. There is a high need for user education to help prevent these kinds of attacks.


Weinschenk: Are the people mounting these attacks the same as traditional phishers?
O'Donnell: I believe it would be different. [Traditional] phishers work with a large volume of e-mail, large collections of compromised accounts, and the resale of them on the malware underground -- the phishing underground. Whaling is something much more specialized. People who are waging these attacks need to understand their quarry. And they may not just be going after financial information. It could be industrial espionage. Whereas phishers push attacks out to the wind, the purpose of whaling is to identify a small group of individuals. It takes a lot more effort because people expect a much higher profit margin. The entire chain behind it appears to be very different.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making


SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data