Last week the FBI issued a warning about an increase in spear-phishing attacks targeting multiple industry sectors. Spear-phishing is one of the main tools used by attackers to compromise endpoints and gain a foothold in the enterprise network. The attacker utilises a specially crafted email message that lures users to perform an action that will result in malware infection, credentials theft, or both. This is often the first step that enables Advance Persistent Threats (APTs) and targeted attacks. As the FBI warning explains: “Often, the e-mails contain accurate information about victims obtained via a previous intrusion or from data posted on social networking sites, blogs, or other websites. This information adds a veneer of legitimacy to the message, increasing the chances the victims will open the e-mail and respond as directed.”
- Dana Tamir, Director of Enterprise Security, Trusteer
- InfoSecurity
- Posted On