Cyber Security Institute

Tuesday, May 28, 2013

91% of targeted attacks start with spear-phishing email

These emails are part of the operations of an emerging and active targeted threat called the Safe campaign, which is documented in a research paper by Trend Micro. The spear-phishing emails carry a malicious attachment and use contextually relevant content to encourage the recipient to open it. From a threat perspective, Trend Micro has identified five key target organisations: government ministries, technology companies, media outlets, academic research institutions and non-governmental agencies.


Such threats are not new: IT departments have already seen various kinds of advanced persistent threats (APTs) or malware-based espionage attacks, which have been around for years. Trend Micro has not determined the total number of victims in the campaign, but apparently about 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructure related to this threat, and the average number of actual victims was counted at 71 per day.

As this threat identified by Trend Micro has the potential to affect people all across the world, enterprises should focus on detecting and mitigating attacks and leverage core components of a defence strategy as presented by the report.

Enterprises should also empower human analysts and leverage the technologies available today to gain visibility, insight, and control over networks to defend against targeted threats.

Once an attack is identified, the cleanup strategy should focus on determining the attack vector and cutting off communications with the command-and-control (C&C) server.


Posted on 05/28