Find out with a FREE phishing diagnostic test! Learn the best webtutor.exe for developing a security awareness training program that is engaging.
Engaging awareness programs have been shown to change more users’ behavior and are seen as an asset for your organization instead of annoyance. It differs from traditional phishing attacks in that spear-phishing attacks require research before they are executed. Trend Micro’s predictions for 2014 pinpoint that in 2014 spear-phishing attempts amongst other targeted attacks will increase in volume as cyber criminals take advantage of open-source research. But is there any proof that spear-phishing increased from January 2014?
How about its increase compared to 2015? Did it also increase between 2013 and 2014? The graphic below sheds some light on these questions. How widespread is spear-phishing, and what are the attack volume trends? The chart does not include the first 5 months of the year 2013 and it includes the months of year 2015 up to but not including June. However, it provides sufficient data for some conclusions to be made. You can see that the first five months of 2015 has ended with a substantially lower number of spear-phishing attacks compared to 2014 which could lead to us to the conclusion that spear-phishing attacks are declining in volume.
You can definitely spot a trend here. There are certain file types which are being repeatedly used throughout the months and in large volumes. It is easy to gain remote access when a user downloads and opens such a file. 202E that can trick systems into displaying file names like myjpg. In most cases, exploiting the . Microsoft Word program in Windows, it is highly used and vulnerabilities in the program exist such as VBA macros which could allow arbitrary commands to run on the user’s machine. Windows screensavers but it can also allow code to run on your system.
You can see that in the first two months of 2015 the exploit tactics have changed. We see a big increase in the . Within the chart, you can spot that attacks against manufacturing has increased from May to September. We also see an increase of attacks against the broad set of sectors Transportation, Gas, Communications and Electricity and other minor changes of the other sectors. In the examined months, Services, Manufacturing and Finance, Insurance and Real Estate are the sectors that are targeted the most by spear-phishing messages. You can see that May 2015 reveal a peak in spear-phishing attacks against the manufacturing industry while July also shows a large increase of spear-phishing attacks against the wholesale sector. The mining and the logistics sectors are no longer in the top 10 in the examined months of 2015 and attacks against the public administration seem to vanish from the top 10 in July after hitting a peak in May 2015.