RSA 2013: Anatomy of a 'Longlining' attack
Proofpoint study describes a "new" industrial phishing technique that's becoming increasingly popular among attackers.
I'm always skeptical when a vendor claims it has discovered a new kind of attack technique. More often than not, it turns out to be a not-so-new attack that has simply been given a new, catchy name by the vendor.
I haven't made up my mind yet on what Proofpoint calls "Longlining," so I'll share the details and leave you to decide.
According to the report, released during RSA Conference 2013, Longlining -- named after the industrial fishing practice of deploying miles-long fishing lines with thousands of individual hooks -- "combines successful spear phishing tactics with mass customization. Using these techniques, attackers are now able to rapidly deploy thousands of unique, malware laden messages that are largely undetectable to traditional signature and reputation-based security systems."
• With longlining attacks, attackers can cost-effectively send 10,000 or even 100,000 individual spear phishing messages, all capable of bypassing traditional security.
• On Oct. 3, 2012, Proofpoint observed a Russia-based attack with 135,000 emails sent to more than 80 companies in a three-hour period. To avoid detection, the attacker employed approximately 28,000 different IP addresses as sending agents, 35,000 different ‘sender’ aliases, and more than twenty legitimate websites compromised to host drive-by downloads of zero-day malware.
• Ten percent of the email messages containing embedded malicious URLs that escaped perimeter detection were clicked on by the receiving employees.
• All the longline attacks employed so-called “drive-by downloads” installed on compromised websites. These attacks leverage browser, PDF and Java vulnerabilities to install “rootkits” invisibly, with no user action required beyond clicking on the emailed URL and visiting the infected website.
• Almost one out of every five clicks on malicious URLs embedded in email occurred ‘off network’ when employees accessed their email from home, on the road, or via mobile devices where they were outside corporate perimeter protection.
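As an added illustration (not from the Proofpoint report or this post), the following Python sketch shows the defender-side check the bullets above point to: when every message carries a unique sender alias and sending IP, sender reputation has nothing to key on, but grouping inbound mail by the landing host of the embedded URL surfaces the small set of compromised sites all those hooks share. The log format, thresholds and values are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample of mail-gateway log lines (hypothetical format):
# timestamp | sender address | sending IP | URL embedded in the message
SAMPLE_LOG = """\
2012-10-03T09:01:12 | alice.r@example-foo.com | 203.0.113.10 | http://shop-legit.example/promo/?id=a1
2012-10-03T09:03:40 | j.smith@mail-bar.net | 198.51.100.7 | http://shop-legit.example/promo/?id=b7
2012-10-03T09:05:05 | news@daily-baz.org | 203.0.113.88 | http://shop-legit.example/promo/?id=c3
2012-10-03T09:07:51 | hr@corp-qux.biz | 198.51.100.200 | http://blog-legit.example/post/?ref=d9
2012-10-03T09:09:30 | support@vendor-x.example | 192.0.2.5 | http://blog-legit.example/post/?ref=e2
2012-10-03T09:10:00 | ops@intranet.example | 192.0.2.44 | https://partner.example/report.pdf
"""

def parse_line(line):
    """Split one log line into (timestamp, sender, ip, landing host)."""
    ts, sender, ip, url = (f.strip() for f in line.split("|"))
    return datetime.fromisoformat(ts), sender, ip, urlparse(url).hostname

def find_campaigns(log_text, window=timedelta(hours=3), min_senders=3):
    """Group messages by landing host and flag hosts that were reached from
    at least `min_senders` distinct senders AND distinct IPs within `window`
    of the first sighting. Each sender/IP is unique (so per-sender reputation
    sees nothing), but the shared landing host is the common hook."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, sender, ip, host = parse_line(line)
            by_host[host].append((ts, sender, ip))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        first_seen = hits[0][0]
        in_window = [h for h in hits if h[0] - first_seen <= window]
        senders = {h[1] for h in in_window}
        ips = {h[2] for h in in_window}
        if len(senders) >= min_senders and len(ips) >= min_senders:
            flagged[host] = {"messages": len(in_window),
                             "senders": len(senders), "ips": len(ips)}
    return flagged

if __name__ == "__main__":
    for host, stats in find_campaigns(SAMPLE_LOG).items():
        print(f"possible campaign via {host}: {stats}")
```

In practice the host grouping would be keyed on the resolved landing page after redirects, and the threshold tuned against the organisation's normal mail volume.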
I find the fishing analogy interesting, but in terms of the technique and reach, I feel like we've been here before. But that's merely my initial gut reaction.
With that, I open the floor for discussion.