'Spear phishing' attacks target networks

Jan. 8, 2013 at 5:53 PM

ATLANTA, Jan. 8 (UPI) -- Corporate networks are at risk from "spear phishing," a cyberattack using specific knowledge about employees and their organizations, U.S. researchers say.

Security researchers at the Georgia Institute of Technology say the attacks often take the form of emails that seem to originate from a fellow worker or a superior, asking workers to visit a particular website or provide some personal or work-related information.

The website may attempt to install malware into the corporate network, launch a virus or ask for a user's password, they said.

"Spear phishing is the most popular way to get into a corporate network these days," researcher Andrew Howard said. "Because the malware authors now have some information about the people they are sending these to, they are more likely to get a response. When they know something about you, they can dramatically increase their odds."

Public information, much of it from social media sites, often provides the attacker with that personal information.

The weakest link in a corporate network can be a single worker who falls for an authentic-looking email, the researcher said.

"Organizations can spend millions and millions of dollars to protect their networks, but all it takes is one carefully crafted email to let someone into it," Howard said. "It's very difficult to put technical controls into place to prevent humans from making a mistake. To keep these attacks out, email users have to do the right thing every single time."

Related UPI Stories
Latest Headlines
Trending Stories
TSU shooting: 1 dead, 1 wounded in third shooting this week at Houston campus
Listeria threat prompts Whole Foods cheese recall
Russia says missiles aimed at Syria did not land in Iran
Captive orca breeding banned at California's SeaWorld
Wrong drug used in Oklahoma execution