Spear Phishing Attacks Climbing

Symantec is reporting that “Spear Phishing” attacks have climbed dramatically over the last 4-5 years.  The number of targeted phishing attacks against individuals has risen from one or two a week in 2005 to more than 70 a day.  Symantec is muddying the waters a bit, explaining targeted attacks and Advanced Persistent Threats, and Spear Phishing attacks as one and the same.  They are not necessarily so.


  • Phishing:  The criminally fraudulent process of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication.  All types of Phishing are social engineering attacks.
  • Spear Phishing:  Targeted versions of phishing have been termed spear phishing.  These will generally involve poaching a user’s email contact list and sending each target a message that appears to come from the user themselves.
  • Whaling:  Phishing attacks that have been directed specifically at senior executives and high profile targets within a business.
  • Advanced Persistent Threat” (APT) refers to exercising technically advanced and clandestine means to gain continual, persistent intelligence on an individual, group, organization, or government.  Modern InfoSec APT is generally custom made malware that has minimal chance of signature development, tailor made and targeted to a specific (tiny) group or inidvidual, designed to get in undetected, remain covert, and maximize intelligence opportunities over time.(http://pursuitmag.com/cyber-crime-terms-and-definitions)

Unlike regular phishing attacks, which involve spamming a message to random users, spear-phishing targets specific individuals or small groups of employees at specific companies. The former are generally designed to steal banking credentials and e-mail passwords from users, while the latter generally focus on gaining access to a system to steal intellectual property and other sensitive data.

Spear-phishing attacks generally arrive disguised as e-mails from a trusted source, such as a company manager or the company’s IT department.  They will generally contain either a malicious attachment or a link to a malicious web site that the target is encouraged to click on to obtain some important information about a company, project or  matter.

Once the target opens the attachment or clicks on the link, the payload is delivered to their system.  A vulnerability is exploited by the attachment, malware is quietly installed by the attachment, or the browser is directed to a malicious site, where malware is downloaded and installed to the computer.  The malware typically allows an attacker to control the victim’s computer remotely, steal bank account login information, or capture other important information and data.

According to Symantec’s report, the industry currently being hardest hit by spear-phishing attacks is the retail industry, jumping from just 7 attacks a month to 516.  These numbers are somewhat skewed though, since Symantec counts each copy of a malicious e-mail received by an organization as a unique attack, even if it’s the same e-mail sent to multiple people at the same time.  The report does illustrate that spear-phishing remains a trusted and effective tool in the modern cyber criminal’s arsenal.