How to thwart spear phishing attacks
Many of the recent large data breaches, such as Target, Anthem, and Sony, started with a sophisticated spear phishing attack: an email targeted at specific individuals within a corporation that is engineered to look legitimate and fool even tech-savvy users. The email carries either a malware-laced attachment or a malicious link; when opened, it installs malware that attempts to gain system access and steal data.
Unfortunately, because stealing data is lucrative nowadays, these spear phishing attacks are often very sophisticated and hard to spot: they are composed with considerable effort and target only a small number of individuals. The emails look legitimate, so regular spam filters cannot identify them, and not every anti-malware engine will detect the malware in the attachment. So what can companies do to protect themselves against spear phishing attacks?
#1 -- Teach Caution: Make sure that your employees are aware of possible spear phishing attacks. Even though spear phishing attacks are made to look legitimate, and often make use of social engineering in order to gain information on the individual to make the email seem trustworthy, a warned employee might still be able to spot that something is out of the ordinary. In short, warn your employees to be cautious, even if an email appears to be from a co-worker.
#2 -- Use Multiple Antimalware Engines: With 450,000 new threats emerging daily, a single anti-virus solution is no longer going to cut it. By scanning email attachments and web content with multiple antimalware engines you are multiplying the chance that known as well as unknown malware is detected. Antimalware vendors address different threats at different times. With multiple engines the chance of detecting new threats is significantly increased, and threats designed to exploit vulnerabilities in specific engines can be thwarted.
#3 -- Sanitize Attachments: As a precautionary measure, it is a good idea to change the format of incoming email attachments in order to remove any possible embedded threats. Many spear phishing emails include malicious Word or PDF attachments. By changing the format of a Word document to PDF and vice versa, scripts and other possible threats are automatically removed.
#4 -- Limit Attachment Types: Blocking potentially dangerous email attachment types, such as .exe files and scripts, makes it more difficult for malware to spread. It is also important to verify the actual file type of each attachment, so that, for instance, .exe files renamed as .txt files do not get through the company's filters.
#5 -- Segregate and Encrypt Data: If your data is segregated and encrypted, then even if the attackers get an employee to click on a malicious email attachment, your data can still be safe despite the intrusion.
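The file-type verification from tip #4, as an added example that is not part of the original article or any vendor's product: it compares each attachment's leading bytes with what its file name claims. The extension lists, the signature table and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".ps1"}  # example policy
MAGIC = [  # leading bytes of a few common formats
    (b"MZ", "exe"),                                   # Windows PE executable
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                           # .docx/.xlsx container
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),     # legacy .doc/.xls
]
# Content kinds each allowed extension may legitimately hold.
EXPECTED = {".pdf": {"pdf"}, ".docx": {"zip"}, ".doc": {"ole"}, ".txt": {"unknown"}}

def sniff(data: bytes) -> str:
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"  # no known binary signature

def check_attachment(filename: str, data: bytes) -> str:
    """Return 'allow' or 'block: <reason>' for one attachment."""
    name = (filename or "").lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    kind = sniff(data)
    if ext in BLOCKED_EXT:
        return f"block: extension {ext} not permitted"
    if kind == "exe":
        return f"block: executable content behind '{ext}'"
    if ext not in EXPECTED:
        return f"block: extension '{ext}' not on allow list"
    if kind not in EXPECTED[ext]:
        return f"block: content is {kind}, name claims {ext}"
    return "allow"

def scan_message(raw: bytes) -> dict:
    """Map each attachment file name in a raw message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): check_attachment(p.get_filename(), p.get_content())
            for p in msg.iter_attachments()}

def sample_message() -> bytes:
    """Constructed test mail: a PDF header, and a PE header named .txt."""
    m = EmailMessage()
    m.set_content("Please see attached.")
    for fname, body in [("report.pdf", b"%PDF-1.4\n"), ("invoice.txt", b"MZ\x90\x00")]:
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    print(scan_message(sample_message()))
```

A signature table this small only recognises the listed formats; anything without a known signature is treated as plain text, so this check complements the scanning in tip #2 and does not replace it.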
In conclusion, don’t just rely on your employees or spam filter to be able to tell the difference between a spear phishing email and a legitimate email. Sometimes it is impossible to tell. A better approach is to make sure that web content and email attachments are scanned with multiple anti-virus engines and documents with possible embedded threats are 'sanitized' by converting them to a different file format and removing any embedded threats. Finally, by segregating and encrypting your data you can still prevent data theft even if the spear phishing attack is successful.
Deborah Galea is Product Marketing Manager at OPSWAT, a company that provides solutions to secure and manage IT infrastructure, and developers of multi antimalware scanner Metascan. Deborah is an expert in email security and is dedicated to identifying solutions that help companies of all sizes secure the data workflow in their organization. Prior to joining OPSWAT, Deborah co-founded Red Earth Software, a company that specialized in email security solutions for Microsoft Exchange Server.