Welcome!

Java IoT Authors: Liz McMillan, Pat Romanski, Yeshim Deniz, Elizabeth White, Stefana Muller

News Feed Item

Proofpoint Identifies New Class of 'Industrial Phishing' Attack

'Longlining' Attacks Employ Mass Customization to Penetrate Traditional Enterprise Security Defenses and Effectively Trick End-Users at an Alarming Rate

SAN FRANCISCO, CA -- (Marketwire) -- 02/26/13 -- RSA Conference Booth #739 - Proofpoint, Inc., (NASDAQ: PFPT), a leading security-as-a-service provider, today released the results of a wide-ranging study that identified a new class of sophisticated and effective, large-scale phishing attack dubbed "longlining." Longlining, which is named after the industrial fishing practice of deploying miles-long fishing lines with thousands of individual hooks, combines successful spear phishing tactics with mass customization. Using these techniques, attackers are now able to rapidly deploy thousands of unique, malware laden messages that are largely undetectable to traditional signature and reputation-based security systems. Worse, despite their scale, these mass customized phish were effective enough to trick more than 10 percent of recipients into clicking on malicious content capable of taking complete control of PCs and compromising corporate networks.

Proofpoint was able to trace and defeat these attacks for enterprises using Proofpoint Targeted Attack Protection™, the company's recently introduced, big data protection solution.

Phishing Meets Mass Customization

Unlike conventional mass phishing exploits, the 'hooks' (email messages) used in longlining are highly variable rather than identical, making them largely undetectable to traditional signature and reputation-based security gateways. The messages are typically varied by IP address of origination, subject line and body content. The body content also includes multiple mutations of an embedded destination URL, which typically leads to a site with a positive reputation that's been successfully compromised prior to the attack. The compromised Web destinations are loaded with hidden malware either before, during or sometimes after the attack wave has begun.

Through the use of a distributed cloud of previously compromised machines and process automation to create high variance, attackers have been able to combine the stealth techniques and malicious payloads of spear phishing with massively parallel delivery. This means they can cost-effectively send 10,000 or even 100,000 individual spear phishing messages, all capable of bypassing traditional security. Attackers' ability to distribute thousands of email-borne malicious URL 'hooks' in a matter of hours greatly improves their odds of success and their ability to exploit zero-day defects before corporate IT has time to patch vulnerable systems.

"With longlining, cyber-criminals are combining the stealth and effectiveness of spear phishing with the speed and scale of traditional phishing and virus attacks," said David Knight, executive vice president of product management for Proofpoint. "Legacy security systems and techniques simply can't cope with this combination of speed and sophistication, leaving large enterprises increasingly vulnerable to a wide-range of criminal activity and data loss."

Typical Attacks

As part of the new, six month study, which involved over one billion email messages, Proofpoint observed, documented and countered dozens of longlining attacks globally. For example, on October 3, 2012, Proofpoint observed a Russia-based attack with 135,000 emails sent to more than 80 companies in a three-hour period. To avoid detection, the attacker employed approximately 28,000 different IP addresses as sending agents, 35,000 different 'sender' aliases, and more than twenty legitimate websites compromised to host drive-by downloads of zero-day malware. Because of the different agents, sender aliases, URLs and text, no single targeted organization saw more than three emails with the same characteristic. Overall, this attack represented less than 0.06 percent of the targeted companies' mail flow (compared to 19 percent for spam and 11 percent for virus-laden email). The combination of mass customization and proportionally low volume made this longlining attack effectively invisible to traditional anti-spam products, enabling widespread access to corporate networks.

Similar attacks were documented throughout the fourth quarter of 2012 and early 2013. In another representative attack, approximately 28,800 messages were sent in multiple one-hour bursts to over 200 enterprises. The campaign consisted of 813 unique compromised URLs sent from 2,181 different sending IPs. Again, each organization saw no more than three messages with identical content.

Alarmingly Effective

Despite their relatively large scale, longline attacks were alarmingly effective.

  • Ten percent of the email messages containing embedded malicious URLs that escaped perimeter detection were clicked on by the receiving employees
  • All the longline attacks employed so call "drive-by downloads" installed on compromised web-sites. These attacks leverage browser, PDF and Java vulnerabilities to install "rootkits" invisibly with no user action required beyond clicking on the emailed URL and visiting the infected web-site
  • Almost one out of every five clicks (19%) on malicious URLs embedded in email occurred 'off network' when employees accessed their email from home, on the road, or via mobile devices where they were outside corporate perimeter protection

To learn more about longline phishing attacks, download a copy of the Proofpoint whitepaper, Longline Phishing: Email-borne Threats, Cloud Computing, Big Data, and the Rise of Industrial Phishing Attacks at http://www.proofpoint.com/longline-wp.

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ: PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance and secure communications. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at www.proofpoint.com.

Proofpoint Targeted Attack Protection is a registered trademark of Proofpoint, Inc. in the U.S. and other countries. All other trademarks contained herein are the property of their respective owners.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Orlando DeBruce
Proofpoint, Inc.
408-338-6829
[email protected]

Sarmishta Ramesh
Ogilvy Public Relations
303-527-4615
[email protected]

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

IoT & Smart Cities Stories
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.