Security researchers uncover phishing attack with very high success rate
A new and "very aggressive" airline phishing attack was just spotted, and it's one with such a high success rate that even security experts are baffled. It was spotted by Barracuda, and it says that this new attack has a success rate of 90 percent.
The attack combines impersonation, advanced persistent threats and phishing, giving the attackers long-term stealth access to a myriad corporate networks.
Barracuda did not say who is behind the attack, but it did reveal that the attackers' usual targets include logistics, shipping, manufacturing, and pretty much any other industry which requires a lot of travel.
The attacks are often "extremely well personalized," Barracuda claims. Emails are prepared with surgical precision, often coming with destination, airline and prices so carefully selected that they look totally legitimate.
The attack itself is all the usual shenanigans. The victim would get an email about a flight, and in it, an attachment with malware.
"Companies should use a multi-layered security approach to block this type of attack," Barracuda says in a blog post here.
"The first layer is sandboxing. Effective sandboxing and advanced persistent threat prevention should be able to block malware before it ever reaches the corporate mail server. The second layer is anti-phishing protection. Advanced phishing engines with Link Protection look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document. The third layer is employee training and awareness. Regular training and testing of your employees will increase their awareness and help them catch targeted attacks without compromising your internal network."
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.
Image Credit: wk1003mike / Shutterstock