The FBI’s IC3 says spear-phishing attacks are targeting multiple industries, and that the end goal is to steal IP or compromise banking credentials. “Cyber-criminals target victims because of their involvement in an industry or organization they wish to compromise,” the IC3 states. “Recent attacks have convinced victims that software or credentials they use to access specific websites need to be updated. The e-mail contains a link for completing the update.”
This threat is nothing new to the IT Security Auditors at BAI Security. Michael Bruck, a founding partner at BAI Security, explained “For many years we’ve seen widespread weaknesses in social engineering with end-users and since their workstations are very often riddled with exploitable vulnerabilities, this combination makes for a very high breach risk. Due to these factors, we’ve tailored many of the Social Engineering scenarios in our evaluations to mimic these attacks, so we can educate organizations and help them mitigate these real-world risks.”
Jenny Shearer, an FBI spokeswoman, says this latest warning is just one in a series of public notices the IC3 has issued in recent months about the increasing sophistication of spear-phishing attacks. “The FBI has become aware of new variations of spear-phishing attacks and has seen a slight increase in these particular schemes in the past 12 months,” she says.
These increases have been noted by the FBI through the number of complaints it receives as well as from information collected during cyber-attack investigations, Shearer adds.