Information Security Advisory - Longlining

03/18/15

“Longlining” attacks, the latest evolution of phishing, have much higher success rates and can seriously compromise organizational and personal information.  Due to their growing popularity among spies and criminals, we thought it a good time to answer some common questions about these attacks.

Q:  What is longlining?
A:  It’s a very sophisticated form of phishing, which helps explain the moniker: “longlining” is a type of commercial fishing.  Longliners use impressive craft in creating their attacks; each message is customized for its recipient, and the attackers possess detailed knowledge of the organizations, departments, and individuals they go after.

Q:  Is longlining effective?
A:  Very.  Experts commonly see “click-through” rates topping 10%, an unheard-of success rate for phishing.

Q:  What are the bad guys’ goals in a longline campaign?
A:  Typically, longliners seek the same thing other modern-day phishers do: a toehold into an organization’s network.  While they may unlock sensitive personal information about victims, their endgame is more often a “long-tail” espionage campaign in which they electronically eavesdrop on a company, sometimes for years.

Q:  How can I guard against longlining?
A:  At its core, longlining is simply a phishing attack, which in turn is an example of social engineering.  So while the email you receive may be extremely convincing, your defense measures remain the same:

  • Don’t be rushed.  Any email demanding an immediate response is suspect, as this is a classic social-engineering ploy aimed at compelling you to act before you think. 
  • Listen to your gut.  Sure, an email may look exactly like one from your manager; it may even refer to the round of golf you two played last month.  Nevertheless, if that message urges you to violate policy by, for example, replying with your network login and password—that’s a red flag. 
  • Never click on links in emails unless you are absolutely certain of their authenticity.

 

Security FYI

 

Ex-Employees Pose Big Risk to Businesses
There’s been an increase in computer network exploitation and disruption by unhappy or former employees, according to a new warning from the FBI and Department of Homeland Security.  The agencies say that because of authorized access to sensitive information and computer networks, fired and dissatisfied employees are posing a significant cyberthreat to U.S. businesses.  In recent months, the FBI has launched several investigations into cases in which individuals used their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company.

Hackers Grab 800,000 Banking Logins
Malware-wielding attackers have compromised over 800,000 banking credentials, primarily from the five largest financial-services firms, a new study warns.  The Russian-speaking attackers used malware dubbed “Qbot” to accomplish the thefts, installing that software on an astonishing half-million PCs. Authorities say it’s unclear how many of the stolen credentials have already been used to commit fraud, but according to experts, it’s only a matter of time.  About half of the credentials came from computers running Windows XP, which is now unsupported by Microsoft.


FBI Warns of Cyberattacks Linked to China
The FBI has issued a warning to companies of cyberattacks by people linked with the Chinese government.  The advisory contains information those companies can use to help determine whether their systems have been compromised, and provides steps they can take to mitigate any continuing threats. An FBI spokesman said the agency “has recently observed online intrusions that we attribute to Chinese government affiliated actors.  Private-sector security firms have also identified similar intrusions and have released defensive information related to those intrusions.”  In the law-enforcement and counterespionage community, it is widely known that China has a massive, longstanding policy of spying on U.S. businesses for commercial and military gains.

The above notice is archived content and may contain information that is no longer valid. This includes URLs that were valid when originally published, but may now link to sites or pages that no longer exist.