Proofpoint has analyzed such attacks for a 6-month period

Mar 4, 2013 12:10 GMT

Phishing attacks have been used by cybercriminals for a long time, but every once in a while these “classic” schemes benefit from a major improvement. Security firm Proofpoint has identified a new type of industrial attack that combines mass customization with spear phishing tactics.

Dubbed “longlining,” after the industrial fishing practice which involves deploying miles-long lines with thousands of individual hooks, the sophisticated attacks can be highly effective.

The new tactic allows cybercriminals to send out thousands of unique malicious messages capable of bypassing many traditional signature and reputation-based security solutions.

In the attacks analyzed by Proofpoint, 10% of recipients were tricked into installing malicious content capable of taking over computers and compromising organization networks.

According to experts, origin IP addresses, subject lines, and the body content of emails used in longlining phishing attacks vary. In addition, the malware distributed in these attacks is loaded on legitimate compromised websites to ensure that reputation systems are tricked.

Because attackers can send as many as 100,000 individual spear phishing emails, the chances of an attack succeeding increase greatly. Furthermore, because they can send out a large number of messages in a fairly short amount of time, zero-days can be exploited before IT teams get the chance to patch the vulnerable software.

“With longlining, cyber-criminals are combining the stealth and effectiveness of spear phishing with the speed and scale of traditional phishing and virus attacks,” said David Knight, executive vice president of product management for Proofpoint.

“Legacy security systems and techniques simply can't cope with this combination of speed and sophistication, leaving large enterprises increasingly vulnerable to a wide range of criminal activity and data loss.”

Proofpoint has observed these types of attacks for a period of 6 months. In one attack, which took place in October 2012, 135,000 emails were sent from Russia to over 80 companies in just three hours. To ensure the success of the campaign, 28,000 different IP addresses, 35,000 different sender aliases, and over 20 legitimate websites were utilized.
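An added example, not from Proofpoint or the original article: since sender IPs, aliases and subjects vary per message while only a small set of websites hosts the payload, one defensive pivot is to group inbound mail by the host it links to and count distinct senders inside a three-hour window. The log tuple layout, the thresholds and every sample record below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

def flag_longline_hosts(messages, window_hours=3, min_ips=3, min_aliases=3):
    """Return {linked_host: stats} for hosts reached from many distinct senders in one window."""
    window = timedelta(hours=window_hours)
    by_host = defaultdict(list)
    for received, ip, alias, subject, url in messages:
        host = (urlsplit(url).hostname or "").lower()
        if host:
            by_host[host].append((received, ip, alias, subject))
    flagged = {}
    for host, rows in by_host.items():
        rows.sort(key=lambda r: r[0])
        for i, (start, *_rest) in enumerate(rows):
            # All messages linking to this host within the window opened by row i.
            in_window = [r for r in rows[i:] if r[0] - start <= window]
            ips = {r[1] for r in in_window}
            aliases = {r[2].lower() for r in in_window}
            if len(ips) >= min_ips and len(aliases) >= min_aliases:
                stats = {"messages": len(in_window), "ips": len(ips),
                         "aliases": len(aliases), "subjects": len({r[3] for r in in_window})}
                if host not in flagged or stats["messages"] > flagged[host]["messages"]:
                    flagged[host] = stats
    return flagged

# Constructed sample log: (received, sender IP, sender alias, subject, URL found in body).
T0 = datetime(2024, 1, 15, 9, 0)
def _m(minutes, ip, alias, subject, url):
    return (T0 + timedelta(minutes=minutes), ip, alias, subject, url)

SAMPLE = [
    # Unique sender per message, one shared landing host, all inside three hours.
    _m(0, "192.0.2.10", "billing@a.example", "Invoice 4471", "http://blog.example.org/doc.php?id=1"),
    _m(20, "198.51.100.7", "hr@b.example", "Updated benefits", "http://blog.example.org/doc.php?id=2"),
    _m(95, "203.0.113.44", "it@c.example", "Password expiry", "http://BLOG.example.org/doc.php?id=3"),
    _m(170, "192.0.2.99", "fax@d.example", "New fax received", "http://blog.example.org/doc.php?id=4"),
    # Ordinary bulk mail: one IP and one alias, so sender diversity stays at 1.
    _m(5, "198.51.100.200", "news@shop.example", "Weekly deals", "https://shop.example/deals"),
    _m(6, "198.51.100.200", "news@shop.example", "Weekly deals", "https://shop.example/deals"),
    _m(7, "198.51.100.200", "news@shop.example", "Weekly deals", "https://shop.example/deals"),
    # Diverse senders, but spread over days rather than hours.
    _m(0, "192.0.2.1", "a@x.example", "Photos", "https://photos.example.net/a"),
    _m(3000, "198.51.100.2", "b@y.example", "Trip", "https://photos.example.net/b"),
    _m(6000, "203.0.113.3", "c@z.example", "Pics", "https://photos.example.net/c"),
]

if __name__ == "__main__":
    print(flag_longline_hosts(SAMPLE))
```

Thresholds this low only suit the toy data; on real mail flow they would need tuning against widely linked legitimate hosts.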

A complete report on “longlining” phishing attacks from Proofpoint is available here.