Home > Cyber News > Top 5 Cyber Attacks Started by Spear Phishing

Top 5 Cyber Attacks Started by Spear Phishing

shutterstock_94715374Spear phishing has proven to be one the most efficient and thus most dangerous methods to compromise a company, a government or an institution. In 2015, targeted attacks triggered by spears have happened in various business sectors. An innocently looking email containing malicious code can unleash various malicious campaigns, depending on what cyber criminals are aiming to accomplish.

Learn More about Spear Phishing and Its Outcomes in 2015

As we already wrote, a special survey was recently conducted by Cloudmark to determine the outcome of spear phishing. As it turned out, the 300 companies that took part in it, have confirmed that spear phishing has been a major threat throughout 2015. Most spear attacks have ended with malware, with authentication credentials discovery and corporate information requests being next.

Besides the survey itself (linked above), Cloudmark has gathered some of the most damaging data breaches of 2015 that have started with spear phishing.

In no particular order

Industry Sector: Banking

Target: 100 Banks

Learn More about the Malware Payload: Carbanak

According to a 2015 Kaspersky’s report, at least 100 banks were targeted online by an unidentified cybercriminal group. The company believes that those banks registered financial losses of $2.5 to $10 per bank. In those attacks, spear phishing was used and the infamous Carbanak was spread in the emails.

Industry Sector: eCommerce

Target: eBay

145 million user records were stolen, after several employee credentials were compromised. The public criticized eBay for storing sensitive information in an improper manner – in one location, unencrypted. Even though stolen information didn’t include banking details, the eBay users became subject to multiple spam and phishing campaigns. Hence, the eBay breach has been dubbed one of the biggest security breaches in modern history.

Industry Sector: Retail

Target: HVAC, Target

In that particular attack, 40 million credit cards and 70 million other personal records were compromised. Later, it became known that cybercriminals sold 1-3 million credit cards for $18-35 per piece, gaining about $54 million from the operation.

Industry Sector: Technology

Target: Ubiquiti Networks

The attack cost the company $46.7 million. It was triggered by the so-called CEO-spoofing, when a malicious actor impersonates an executive via email and authorizes a wire transfer to the attacker’s account. Luckily, Ubiquiti Networks recovered $8.1 million through intense legal actions in different countries. The case is known as the biggest wire fraud started via spear phishing.

Industry Sector: Entertainment

Target: Sony Pictures

The major data leak Sony Pictures suffered in 2015 was most likely provoked by the release of the controversial movie The Interview. Internal documents, financial data, unreleased motion pictures, private emails were leaked in a supposed North Korean state-sponsored attack. Access was achieved via aggressive spear phishing.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share