Media Spear Phish 'most dangerous email attack'


by CBR Staff Writer| 05 December 2013

Total average cost of a data breach attack in the UK cost over $2m.

According to a report from security service provider Proofpoint, the Media Spear Phish method of attacking a business is the most harmful and common email attacks used against businesses across a number of verticals.

The report is based on a survey conducted across various vertical sectors including healthcare, financial and pharmaceutical as well as observing attacks including phishing email attacks, social media exploits and other types of malware attacks.

Following the Media Spear Phish, Breaking News Longline, where a large real-life news story is used by hackers to offer information via email, stood as the second most common email attacks, wherein the attackers used news like the Boston Marathon bombings as the largest malware phishing campaign.

Payment Longline that offers customers with details of orders appearing to be from trusted sources is third most dangerous form of attack.

Proofpoint EMEA Director Mark Sparshott said today's mobile and remote working habits also means that nearly 1 in 5 clicks on malicious URLs happen off-network, bypassing traditional security controls such as Web Gateways, IDS and Firewalls.

"Hackers know security teams are struggling to bridge the 'off-network security gap' and so often prey on this area by sending emails on a Friday evening knowing that some of their targets, particularly senior employees, diligently check their emails over the weekend," Sparshott added.

"Research into disclosed breaches shows that 66% go undiscovered for months with the average hacker spending eight months on a victim's network before being discovered."

"However with the lack of visibility from the in-house security teams have means that 63% of breaches are disclosed by 3rd parties instead, typically via the press which is particularly damaging on goodwill and customer confidence."

"Whilst the number one focus should be prevention, early detection of successful breaches should not be far behind in the list of priorities."

Other attacks that were used include Watering Hole Attack as well as the Social Network Longline.

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

716 people like this.
1535 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.