Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":155,"date":"2017-03-07T12:45:34","date_gmt":"2017-03-07T12:45:34","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=155"},"modified":"2019-04-17T12:20:48","modified_gmt":"2019-04-17T12:20:48","slug":"phishin-magicians-think-the-spammers-are-getting-smarter-youre-right","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2017\/03\/07\/phishin-magicians-think-the-spammers-are-getting-smarter-youre-right\/","title":{"rendered":"Phishin\u2019 Magicians: Think the Spammers are Getting Smarter? You\u2019re Right"},"content":{"rendered":"

$\"magician2\"$ Sigh.<\/em> Just when I thought I\u2019d figured spammers out, they rear their ugly heads and show me that they\u2019re not nearly as dumb as I\u2019d like them to be. Okay, I don\u2019t really know if they\u2019re ugly, but sometimes I browse the crap in my junk folder (I have a penchant for mediocrity) and I pretend they are. It\u2019s much more desirable than the alternative \u2013 that they have Brad Pitt good looks, lounging on their yachts eating KD smothered with really expensive ketchup<\/a> out of solid gold bowls. It should come as no surprise, however, that regardless of how we view them, spammers aren\u2019t the morons we sometimes make them out to be.<\/p>\n

Recently, a number of high profile botnet takedowns<\/a> have made spammers\u2019 migrations to more sophisticated and lucrative endeavors all but a fait accompli. The global law enforcement community, by kicking the hornet\u2019s nest<\/a>, has made our lives a little more difficult by encouraging the spammers to make their approach a lot more surgical. Almost as if they\u2019re coordinated, \u00e0 la the mafia or even heavily funded, state-sponsored operations. I know, it\u2019s unlikely that any country is morally bankrupt enough to fund spear phishing, but it is tempting to imagine massive data centers in high tech buildings, filled with workers pounding away at their keyboards, like an infinite number of monkeys working on the perfect scam to take down an infinite number of unsuspecting targets. And that takes money. It\u2019s not like these spammers were independently wealthy to begin with \u2013 if they were, then why would they bother? They could already afford their own ketchup. Furthermore, I doubt spammers are walking into banks applying for loans to set up well-funded scams.<\/p>\n

A couple of months back, we were warned<\/a> that spammers are getting smarter and more organized, when Cisco Security Intelligence Operations (SIO) published a report entitled \u201c Email Attacks: This Time It\u2019s Personal<\/a>.\u201d In it, Cisco SIO points out that spammers have moved away from tried and not so true \u2018throw-it-against-the-wall-and-see-if-it-sticks\u2019 method, and instead have become more calculated and yes, even sophisticated in choosing spear phishing over bulk phishing. After all, why cast a net that may yield nothing when you can pluck the fish out of the water, one at a time? That is the theory, and Cisco\u2019s numbers seem to back up the bad news: spammers are getting smart.<\/p>\n

Nearly two months after the Cisco SIO report, a new paper published by a security company backs up the speculation. According to marketwire.com<\/a>, security firm Internet Identity (IID) is reporting that more than half of all enterprises were victimized by spear phishing in the past year. The report also identifies that \u201cphishers are becoming more sophisticated criminal marketers,\u201d and that high profile data breaches on large companies like Sony and Epsilon have only underscored the insecurity of personal data, the lifeblood of spear phishers. Noteworthy too is that security firms themselves have come under attack.<\/p>\n

As an example of how sophisticated the phishers have become, the article notes that, \u201cphishers increasingly used a technique called URL rewriting to target multiple legitimate domains simultaneously through compromised shared servers that host hundreds of unique URL’s at a single IP address. Compromising thousands of legitimate domains with good reputations in their attacks allows phishers to bypass many anti-spam measures and increase deliverability of their lure messages.\u201d The report also notes a quarter over quarter increase in phishing by 11%, a whopping number which suggests that while our junk email folders may get lighter, our guard is going to have to be raised for the very real possibility that someday soon, someone\u2019s going to try to poke you in the eye with a spear.<\/p>\n

On an organizational level, this is a tremendous kick in the pants. As I\u2019ve stated previously, I never worry about myself, because I know what to look for. Last month, I received a phone call from someone claiming to be from Microsoft. The chap informed me that Microsoft was calling all Windows users to help them avoid a security breach in the operating system. In between soft chuckling on my part, I goaded him on a bit before yanking the carpet out from under him. \u201cI\u2019m an IT professional,\u201d I explained. \u201cWhy don\u2019t you explain the problem and I\u2019ll fix it myself?\u201d That was enough to get rid of him.<\/p>\n

Now, how will you go about giving everyone you know the knowledge they need in order to tell reality from fantasy?<\/p>\n","protected":false},"excerpt":{"rendered":"