A New Attack Category is Born: You Now Need to Also Worry About Evasive Spear Phishing



Researchers have combed through 25 million emails and found a new method of attack that blends two previously seen attack types into a single attack.
 
A cybercriminal needs to overcome two basic hurdles to infect a machine: First, they need to get past any security solutions that inspect attachments looking for signs of maliciousness. Second, they need to get users to click on said attachment. If you can do both of these things, you have yourself a pretty good chance of infection.
 
Thus far, we’ve only seen attacks that do one or the other well, or use two completely separate tactics to accomplish this. But, according to research from security vendors Glasswall and Forcepoint, a new attack method effectively combines these two tactics into a single attack. Dubbed evasive spear phishing, it involves both highly targeted spear phishing campaigns, whose contextual details indicate a fair amount of diligence, and sophisticated malware delivery mechanisms that leverage older Office filetypes.
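For triage on the mail gateway side, the sketch below flags attachments whose content is a legacy Office container, whatever the file name claims. It is an added example, not code from the research or from this blog; it assumes "older Office filetypes" means the OLE2 compound file format (.doc/.xls/.ppt), and the sample message, addresses and verdict labels are constructed for illustration.

```python
# Added example: flag e-mail attachments that are legacy (OLE2) Office files.
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file header (.doc/.xls/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP container (.docx/.xlsx/.pptx)
LEGACY_EXT = (".doc", ".xls", ".ppt", ".dot", ".xlt", ".pps")


def classify(filename, payload):
    """Return (verdict, reason) from the content's magic bytes and the file name."""
    name = (filename or "").lower()
    if payload.startswith(OLE2_MAGIC):
        if name.endswith(LEGACY_EXT):
            return "legacy-office", "OLE2 content with a legacy Office extension"
        # OLE2 is also used by non-Office formats, so treat this as a triage hint.
        return "ole2-mismatch", "OLE2 content behind a different extension"
    if name.endswith(LEGACY_EXT):
        return "extension-mismatch", "legacy extension but content is not OLE2"
    if payload.startswith(ZIP_MAGIC):
        return "zip-container", "ZIP-based container such as OOXML"
    return "other", "unrecognised content"


def scan_message(raw):
    """Parse raw RFC 5322 bytes and classify every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_filename(), *classify(part.get_filename(), payload)))
    return results


def build_sample():
    """Constructed sample message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "dev@example.com", "Build report"
    msg.set_content("See attached.")
    for name, body in [("report.doc", OLE2_MAGIC + b"\x00" * 24),
                       ("notes.docx", ZIP_MAGIC + b"\x00" * 24),
                       ("invoice.docx", OLE2_MAGIC + b"\x00" * 24)]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```

A hit only says the attachment uses the legacy container; deciding whether it is malicious still needs content inspection or sandboxing.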
 
According to the research, nearly half of all attacks are targeting Technology firms, with developers as the potential victim, likely looking for intellectual property. For each industry, there is a victim demographic, demonstrating that these attacks are not opportunistic, but are laser focused on trying to access and steal very specific kinds of information.

Organizations need to empower users to act as the last line of defense against evasive attacks designed to keep from being detected by security solutions.

Security Awareness Training educates users on how to spot suspicious emails – even when they are designed to look contextually accurate for the target victim.

A new category of attack should be a warning that the bad guys are stepping up their game and are working to leverage the weakest (and last) link in the chain – your users. Take note and be ready.

