[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Spear-phishing stats reveal unexplained holiday spikes
By Ellen Messmer
February 14, 2012
While phishing attempts against workplace email accounts drop
precipitously on Christmas and New Year's Day, as might be expected,
such attacks spike dramatically on other holidays, says a report from a
security firm. Why is not clear.
Attackers seem to be hard at work on U.S. holidays, including
Independence Day, Labor Day, Columbus Day and Thanksgiving when attack
levels spike strongly upward, according to FireEye's "Advanced Threat
Report - 2011" which summarizes patterns of malware-based attacks seen
against its customers during the course of last year. But Christmas and
New Year's represents the opposite, when "attack levels dropped off well
below the average," the report says. There's only speculation that
"there are significantly fewer employees working during those holidays,
so there are fewer opportunities for targeted users to actually open
The worst holiday for phishing email seems to be Labor Day, when
malicious email increased 1,353% over the average. Columbus Day was
second, when phishing rates jumped 549%. FireEye speculates that "spear
phishing attacks increase when enterprise security operations centers
are lightly staffed or understaffed, particularly during holidays."
In other efforts to decipher the meaning of patterns of malicious
activity spotted on customer networks, FireEye also pointed out that of
the thousands of malware families, the top 50 generated 80% of
successful malware infections. FireEye cited the toolkit called
Blackhole as a prominent criminally used toolkit in 2011 to "drop"
malware on vulnerable machines.
Certified Ethical Hacker and CISSP training with Expanding Security gives
the best training and support.
Get a free live class invite weekly. Best program, best price.