How to Avoid Targeted "Spear Phishing" Attacks

Updated: August 11, 2010

First read this Focus brief I wrote: 35 Steps to Protect Yourself from Cyber Espionage. It provides technical advice from the defense department of Australia. Beyond those operational steps, you should also:

1. Be aware that the attacker is going to use your social network connections to get to you. This is how Google was compromised late last year. Key employees are identified, and their friends and connections on Facebook, LinkedIn, etc. are targeted. If anyone has hundreds of social links, the odds approach 100% that one of them protects their accounts with simple-to-guess passwords (abc123, 123456, password). Once those accounts are compromised, messages are sent to the target from the friend's account, making it highly likely that the target will see the message, open it, and even click on a provided link.

2. While you can exhort your employees not to fall for these attacks, it is guaranteed that someone will eventually be tricked into clicking on a malicious link. This is why you must deploy content-URL filtering at your gateway. This capability is bundled with most UTM devices and has become very cost effective. They receive a constant stream of malicious URLs through a subscription service and block access to them, so even if someone clicks on a known bad link, they are blocked from reaching it. Most of these products also check the URL in real time for malicious content and block that too.

3. But spear phishing can be very sophisticated. The malicious URL can be completely unique and the malware used can be new, as it was in the Google attacks. A gateway will not stop it from getting in. Luckily, that gateway also provides a second line of defense. Post-infection, it will block access to the command and control servers that the infected machine will attempt to connect to. The alerts the UTM generates can help you track down the offending machine/user and get it re-imaged.

4. Finally, one of the more recent threats is the targeting of your financial team in an attempt to discover login credentials for your business accounts. You must find a bank that provides strong authentication to access those accounts, usually in the form of a one-time password token. And you must forbid your team from accessing those accounts from outside your network, because there are banking Trojans designed to hijack a session and pilfer bank accounts while the authorized user is logged in.
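Points 2 and 3 above describe two uses of the same gateway blocklist: blocking a clicked link outright, and flagging an already-infected host by its repeated attempts to reach a command and control server. The following is an added illustration, not code from the original post or from any UTM vendor; the blocklist, the log lines and the three-attempt threshold are all constructed for the example.

```python
"""Gateway URL filtering and post-infection C2 triage (illustrative example)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed blocklist; a real UTM feeds this from its subscription service.
BLOCKLIST = {"c2.bad.example", "update-check.badexample.net"}

# Constructed gateway log lines: timestamp, client IP, requested URL.
SAMPLE_LOG = """\
2010-08-11T09:12:03Z 10.0.0.12 http://intranet.corp.example/home
2010-08-11T09:12:07Z 10.0.0.12 http://c2.bad.example/gate.php
2010-08-11T09:13:07Z 10.0.0.12 http://c2.bad.example/gate.php
2010-08-11T09:14:07Z 10.0.0.12 http://c2.bad.example/gate.php
2010-08-11T09:15:00Z 10.0.0.47 http://news.example.org/
2010-08-11T09:15:30Z 10.0.0.47 http://update-check.badexample.net/
"""


def blocked_host(url, blocklist=BLOCKLIST):
    """Return the matching blocklist entry for a URL, or None.

    Matches the exact hostname and every parent domain, so a listing of
    c2.bad.example also blocks sub.c2.bad.example (point 2: block the click).
    """
    labels = (urlsplit(url).hostname or "").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def blocked_hits_by_client(log_text, blocklist=BLOCKLIST):
    """Map each client IP to {blocked_host: attempt_count} from gateway logs."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, url = line.split()
        host = blocked_host(url, blocklist)
        if host:
            hits[client][host] += 1
    return {client: dict(counts) for client, counts in hits.items()}


def reimage_candidates(log_text, min_attempts=3, blocklist=BLOCKLIST):
    """Clients repeatedly beaconing to one blocked host (point 3: likely infected)."""
    hits = blocked_hits_by_client(log_text, blocklist)
    return sorted(c for c, counts in hits.items() if max(counts.values()) >= min_attempts)
```

A single blocked request may be a blocked phishing click; the repeated, evenly spaced attempts from 10.0.0.12 are the beaconing pattern that points at a machine to pull and re-image.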

Today's attacks do not stop with technology. Assailants can and will attempt to hire, bribe, or blackmail your people to infiltrate your organization.
