Spear phishing has proven to be one of the most efficient, and thus most dangerous, methods to compromise a company, a government or an institution. In 2015, targeted attacks triggered by spear phishing happened in various business sectors. An innocent-looking email containing malicious code can unleash various malicious campaigns, depending on what cyber criminals are aiming to accomplish.
As we already wrote, a special survey was recently conducted by Cloudmark to determine the outcome of spear phishing. As it turned out, the 300 companies that took part in it confirmed that spear phishing was a major threat throughout 2015. Most spear phishing attacks ended with malware, followed by authentication credentials discovery and corporate information requests.
Besides the survey itself (linked above), Cloudmark has gathered some of the most damaging data breaches of 2015 that have started with spear phishing.
In no particular order
Industry Sector: Banking
Target: 100 Banks
Learn More about the Malware Payload: Carbanak
According to a 2015 Kaspersky report, at least 100 banks were targeted online by an unidentified cybercriminal group. The company believes that those banks registered financial losses of $2.5 to $10 per bank. The attackers used spear phishing, and the infamous Carbanak was spread in the emails.
Industry Sector: eCommerce
145 million eBay user records were stolen after several employee credentials were compromised. The public criticized eBay for storing sensitive information in an improper manner: in one location, unencrypted. Even though the stolen information didn’t include banking details, eBay users became the target of multiple spam and phishing campaigns. Hence, the eBay breach has been dubbed one of the biggest security breaches in modern history.
Industry Sector: Retail
Target: HVAC, Target
In that particular attack, 40 million credit cards and 70 million other personal records were compromised. Later, it became known that cybercriminals sold 1-3 million credit cards for $18-35 each, gaining about $54 million from the operation.
Industry Sector: Technology
Target: Ubiquiti Networks
The attack cost the company $46.7 million. It was triggered by so-called CEO spoofing, in which a malicious actor impersonates an executive via email and authorizes a wire transfer to the attacker’s account. Luckily, Ubiquiti Networks recovered $8.1 million through intense legal action in different countries. The case is known as the biggest wire fraud started via spear phishing.
Industry Sector: Entertainment
Target: Sony Pictures
The major data leak Sony Pictures suffered in 2015 was most likely provoked by the release of the controversial movie The Interview. Internal documents, financial data, unreleased motion pictures and private emails were leaked in a supposed North Korean state-sponsored attack. Access was achieved via aggressive spear phishing.