Microsoft today warned users of the dangers behind spear phishing attacks used by threat actors to target specific individuals, in their attempts to infect them with malware, harvest sensitive information, or trick them into making fraudulent payments.
While regular phishing campaigns aren’t picky and use a shotgun spray approach in the hopes of successfully compromising as many targets as possible, spear phishing attacks use messages customized for a single target.
“They are so targeted, in fact, that we sometimes refer to them as ‘laser’ phishing,” Microsoft says. “And because these attacks are so focused, even tech-savvy executives and other senior managers have been duped into handing over money and sensitive files by a well-targeted email. That’s how good they are.”
Redmond’s Cybersecurity Field CTO Diana Kelley and Cybersecurity Solutions Group Senior Manager Seema Kathuria highlight the steps attackers go through while preparing and running spear phishing attacks.
Threat actors running this type of campaign first carry out reconnaissance to identify potential targets within an organization, along with a sender whose name would trick those targets into acting first and thinking later.
If the spear phishing attack succeeds and the victim takes the bait, the attackers can make off with the data they were after or perform a wide range of malicious actions after infecting the victim’s system with malware.
The payout varies drastically with the number of victims a phishing campaign targets: most threat actors get more money for the effort they put in by focusing on fewer, carefully selected victims, or even a single one.
When it comes to detecting spear phishing attacks and stopping them in their tracks, Microsoft says that companies and their employees can take measures that greatly reduce the risk.
Organizations can use training to educate their workers to detect phishing messages and prepare them to spot signs of a phishing email such as:
• sender addresses that don’t match the sender’s identity
• language designed to induce a sense of urgency
• requests to break established procedures
• wording inconsistent with the company’s usual terminology
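As an added illustration (not code from Microsoft’s post or from this article), the following script runs a triage check over a raw email for three of the signs listed above: a sender address that does not match the claimed identity, urgency language, and a request to bypass established procedures. The known-sender directory, the phrase lists and both sample messages are constructed assumptions for the demo.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of known senders (display name -> expected mail domain).
KNOWN_SENDERS = {"jane doe": "example-corp.com"}
# Phrases typical of the "act first, think later" pressure the article describes.
URGENCY = re.compile(r"\b(urgent|immediately|right away|within the hour|asap)\b", re.I)
# Requests to skip an established control (approval, verification, process).
PROCEDURE_BREAK = re.compile(r"\b(skip|bypass|without)\b.{0,40}\b(approval|verification|process|procedure)\b", re.I)

def score_message(raw: str) -> dict:
    """Parse a raw RFC 822 message and return the spear-phishing signs it shows."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    indicators = []
    # Sign 1: the display name is a known colleague, but the address is from another domain.
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and domain != expected:
        indicators.append("sender_mismatch")
    # Sign 2: language designed to induce a sense of urgency.
    if URGENCY.search(text):
        indicators.append("urgency")
    # Sign 3: a request to break established procedures.
    if PROCEDURE_BREAK.search(text):
        indicators.append("procedure_break")
    return {"from": addr, "indicators": indicators, "score": len(indicators)}

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: Jane Doe <jane.doe@examp1e-corp.co>
To: finance@example-corp.com
Subject: URGENT wire transfer

Please process this payment right away and skip the usual approval
process; I'm in a meeting and can't be reached.
"""
BENIGN = """From: Jane Doe <jane.doe@example-corp.com>
To: finance@example-corp.com
Subject: Q3 budget review

Attached are the slides for Thursday's review; no action needed before then.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, score_message(raw))
```

A score of 2 or more is a reasonable threshold for routing a message to the security team for review; the fourth sign in the list, wording that departs from the company’s usual terminology, is best left to human reviewers.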
Employees who could be targeted in such campaigns should also be encouraged to check with others in the company when they receive a suspicious email and to inform the security team when it happens, so that all the right people are alerted.
Last but not least, using multi-factor authentication (MFA) will block spear phishers from taking control of other company resources, limiting the damage an intruder can do after compromising a victim’s system or account and while trying to maintain persistence within an organization’s network.
In July, Microsoft’s Defender ATP Research team spotted a large-scale series of spear-phishing attacks targeting around 100 organizations with malspam emails distributing LokiBot information stealer payloads.
The company is also in the process of rolling out an enhanced notification system for phishing messages for admins in all Microsoft 365 environments, as well as a new ‘Unverified Sender’ feature designed to make it simpler for users to detect phishing emails delivered to their Outlook clients’ inboxes.