RSA 2013: Anatomy of a 'Longlining' attack
Proofpoint study describes a "new" industrial phishing technique that's becoming increasingly popular among attackers.
I'm always skeptical when a vendor claims it has discovered a new kind of attack technique. More often than not, it turns out to be a not-so-new attack that has simply been given a new, catchy name by the vendor.
I haven't made up my mind yet on what Proofpoint calls "Longlining," so I'll share the details and leave you to decide.
According to the report, released during RSA Conference 2013, Longlining -- named after the industrial fishing practice of deploying miles-long fishing lines with thousands of individual hooks -- "combines successful spear phishing tactics with mass customization. Using these techniques, attackers are now able to rapidly deploy thousands of unique, malware laden messages that are largely undetectable to traditional signature and reputation-based security systems."
• With longlining attacks, attackers can cost-effectively send 10,000 or even 100,000 individual spear phishing messages, all capable of bypassing traditional security.
• On Oct. 3, 2012, Proofpoint observed a Russia-based attack with 135,000 emails sent to more than 80 companies in a three-hour period. To avoid detection, the attacker employed approximately 28,000 different IP addresses as sending agents, 35,000 different ‘sender’ aliases, and more than twenty legitimate websites compromised to host drive-by downloads of zero-day malware.
• Ten percent of the email messages containing embedded malicious URLs that escaped perimeter detection were clicked on by the receiving employees.
• All the longline attacks employed so-called “drive-by downloads” installed on compromised web-sites. These attacks leverage browser, PDF and Java vulnerabilities to install “rootkits” invisibly with no user action required beyond clicking on the emailed URL and visiting the infected web-site.
• Almost one out of every five clicks on malicious URLs embedded in email occurred ‘off network’ when employees accessed their email from home, on the road, or via mobile devices where they were outside corporate perimeter protection.
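The report's numbers suggest where a defender can look: per-sender reputation sees each of the 28,000 IPs and 35,000 aliases once and has nothing to judge, but the messages still share their landing sites. The example below is added here for illustration and is not Proofpoint's code or the report's method; it groups mail gateway records by URL host, looks for a burst of messages inside a time window, and flags clusters where nearly every message comes from a different IP and a different sender alias. The log format, thresholds and all sample records are constructed for the example.

```python
"""Heuristic detection of a longlining-style campaign in mail gateway logs.

Added example (not Proofpoint's code). Groups messages by the host in the
embedded URL and flags clusters that are bursty, large, and come from an
unusually high number of distinct IPs and sender aliases: many hooks, one line.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample gateway log lines (not real data). The log format is an
# assumption made for this example.
SAMPLE_LOG = [
    # Campaign: 12 messages in 11 minutes, each from a different IP and sender
    # alias, each URL personalised, all landing on one compromised host.
    f"2012-10-03T09:{i:02d}:00 ip=198.51.100.{i + 1} from=billing{i}@partner{i}.test "
    f"to=user{i}@corp.test url=http://compromised-site.test/invoice/{i}"
    for i in range(12)
] + [
    # Legitimate newsletter: one sender, one IP, same landing host every time.
    f"2012-10-03T09:{i:02d}:30 ip=203.0.113.7 from=news@newsletter.test "
    f"to=user{i}@corp.test url=http://newsletter.test/issue/42"
    for i in range(10)
] + [
    # A lone message: far too few to form a campaign.
    "2012-10-03T10:15:00 ip=192.0.2.9 from=alice@example.test "
    "to=bob@corp.test url=http://example.test/doc",
]

LINE_RE = re.compile(r"^(\S+) ip=(\S+) from=(\S+) to=(\S+) url=(\S+)$")


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, sender, rcpt, url = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "ip": ip,
        "sender": sender,
        "rcpt": rcpt,
        "host": urlparse(url).hostname,
    }


def find_campaigns(lines, window=timedelta(hours=3), min_messages=10,
                   min_unique_ratio=0.8):
    """Group by landing host and flag longlining-like clusters.

    A cluster is flagged when at least `min_messages` messages to the same
    host fall inside `window`, and the fraction of distinct sending IPs and
    distinct sender aliases among them is at least `min_unique_ratio`.
    """
    by_host = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["host"]:
            by_host[rec["host"]].append(rec)

    flagged = {}
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r["ts"])
        # Sliding window over the sorted timestamps: keep the densest span.
        best, j = [], 0
        for i in range(len(recs)):
            while j < len(recs) and recs[j]["ts"] - recs[i]["ts"] <= window:
                j += 1
            if j - i > len(best):
                best = recs[i:j]
        n = len(best)
        ips = {r["ip"] for r in best}
        senders = {r["sender"] for r in best}
        if (n >= min_messages
                and len(ips) / n >= min_unique_ratio
                and len(senders) / n >= min_unique_ratio):
            flagged[host] = {
                "messages": n,
                "distinct_ips": len(ips),
                "distinct_senders": len(senders),
                "first_seen": best[0]["ts"].isoformat(),
                "last_seen": best[-1]["ts"].isoformat(),
            }
    return flagged


if __name__ == "__main__":
    for host, stats in find_campaigns(SAMPLE_LOG).items():
        print(host, stats)
```

On the sample data only `compromised-site.test` is flagged: the newsletter has the same burst shape but a single IP and sender, so its uniqueness ratio is 0.1. The landing host is only one possible grouping key; a real deployment would also cluster on a normalised message template, since the report notes the URLs and messages are individually customised while the compromised sites are few.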
I find the fishing analogy interesting, but in terms of the technique and reach, I feel like we've been here before. But that's merely my initial gut reaction.
With that, I open the floor for discussion.