Spear-Phishing Stats Reveal Unexplained Holiday Spikes
While phishing attempts against workplace email accounts drop precipitously on Christmas and New Year's Day, as might be expected, such attacks spike dramatically on other holidays, says a report from a security firm. Why is not clear.
Tue, February 14, 2012
Network World — While phishing attempts against workplace email accounts drop precipitously on Christmas and New Year's Day, as might be expected, such attacks spike dramatically on other holidays, says a report from a security firm. Why is not clear.
Attackers seem to be hard at work on U.S. holidays, including Independence Day, Labor Day, Columbus Day and Thanksgiving when attack levels spike strongly upward, according to FireEye's "Advanced Threat Report - 2011" which summarizes patterns of malware-based attacks seen against its customers during the course of last year. But Christmas and New Year's represents the opposite, when "attack levels dropped off well below the average," the report says. There's only speculation that "there are significantly fewer employees working during those holidays, so there are fewer opportunities for targeted users to actually open malicious attachments."
The worst holiday for phishing email seems to be Labor Day, when malicious email increased 1,353% over the average. Columbus Day was second, when phishing rates jumped 549%. FireEye speculates that "spear phishing attacks increase when enterprise security operations centers are lightly staffed or understaffed, particularly during holidays."
In other efforts to decipher the meaning of patterns of malicious activity spotted on customer networks, FireEye also pointed out that of the thousands of malware families, the top 50 generated 80% of successful malware infections. FireEye cited the toolkit called Blackhole as a prominent criminally used toolkit in 2011 to "drop" malware on vulnerable machines.
FireEye's report identifies various information-stealing programs, calling out the six top malware programs in 2011 as Zbot, Sality, LdPinch, Licat, Zegost and Clampi.
Interestingly, the well-known Conficker worm "continues to remain one of the more popular worms infecting machines worldwide," even three years after it was first detected.
Based on its detection methods, FireEye believes more than 95% of enterprises had malicious infections somewhere in their networks each week, while 80% averaged an infection rate of more than 75 per week.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about wide area network in Network World's Wide Area Network section.