Spear-Phishing and Advanced Persistent Threat Campaigns

By Admin on 07/08/2013 9:15 AM

« Return to Blog

Spear-phishing is the most prevalent delivery method for advanced persistent threat (APT) attacks. Today’s cyber criminals launch APT attacks with sophisticated malware and sustained, multi-vector and multi-stage campaigns to achieve a particular objective. In a typical spear-phishing attack, a specially crafted email is sent to specific individuals from a target organization. “APT campaigns frequently make use of spear-phishing tactics because they are essential to get high-ranking targets to open phishing emails,” the TrendLabs APT Research Team noted in the Trend Micro white paper.

Spear-phishing may be defined as highly targeted phishing aimed at specific individuals or groups within an organization. Spear-phishing makes use of information about a target to make attacks more specific and personal to the target. Spear-phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data.

  • 91% of targeted attacks involve spear-phishing emails.
  • 84% of organizations said a spear-phishing attack successfully penetrated their organization in 2015.
  • Spear-phishing uses a blend of email spoofing, dynamic URLs and drive-by downloads to bypass traditional defenses.
  • According to Trend Micro, a typical spear-phishing attack includes an email including information specific to the target and an attachment. 
  • Trend Micro reported that spear-phishing tactics have become a favorite for targeted attacks because victims are more often duped into opening these types of emails.
  • 94% of targeted emails use malicious file attachments.
  • 70% of attachments include files such as .doc, .docx, .xls, xlsx, .pdf
  • Social networking sites allow attackers to harvest relevant information to use in attacks.
  • Over half of spear-phishing email recipients addresses are available via simple internet searches.

Visit our Phishing Facts and Spear-Phishing Facts pages for useful information on the threat of phishing and spear-phishing and prevention information about same.

« See More Facts

« Return to Blog