[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Spear-phishing stats reveal unexplained holiday spikes


By Ellen Messmer
Network World
February 14, 2012

While phishing attempts against workplace email accounts drop precipitously on Christmas and New Year's Day, as might be expected, such attacks spike dramatically on other holidays, says a report from a security firm. Why is not clear.

Attackers seem to be hard at work on U.S. holidays, including Independence Day, Labor Day, Columbus Day and Thanksgiving when attack levels spike strongly upward, according to FireEye's "Advanced Threat Report - 2011" which summarizes patterns of malware-based attacks seen against its customers during the course of last year. But Christmas and New Year's represents the opposite, when "attack levels dropped off well below the average," the report says. There's only speculation that "there are significantly fewer employees working during those holidays, so there are fewer opportunities for targeted users to actually open malicious attachments."

The worst holiday for phishing email seems to be Labor Day, when malicious email increased 1,353% over the average. Columbus Day was second, when phishing rates jumped 549%. FireEye speculates that "spear phishing attacks increase when enterprise security operations centers are lightly staffed or understaffed, particularly during holidays."

In other efforts to decipher the meaning of patterns of malicious activity spotted on customer networks, FireEye also pointed out that of the thousands of malware families, the top 50 generated 80% of successful malware infections. FireEye cited the toolkit called Blackhole as a prominent criminally used toolkit in 2011 to "drop" malware on vulnerable machines.


Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly.  Best program, best price.