ARN

Spear-phishing stats reveal unexplained holiday spikes

While phishing attempts against workplace email accounts drop precipitously on Christmas and New Year's Day, as might be expected, such attacks spike dramatically on other holidays, says a report from a security firm. Why is not clear.

Attackers seem to be hard at work on U.S. holidays, including Independence Day, Labor Day, Columbus Day and Thanksgiving when attack levels spike strongly upward, according to FireEye's "Advanced Threat Report - 2011" which summarizes patterns of malware-based attacks seen against its customers during the course of last year. But Christmas and New Year's represents the opposite, when "attack levels dropped off well below the average," the report says. There's only speculation that "there are significantly fewer employees working during those holidays, so there are fewer opportunities for targeted users to actually open malicious attachments."

How the Phoenix Suns basketball team takes on social-media attacks

The worst holiday for phishing email seems to be Labor Day, when malicious email increased 1,353% over the average. Columbus Day was second, when phishing rates jumped 549%. FireEye speculates that "spear phishing attacks increase when enterprise security operations centers are lightly staffed or understaffed, particularly during holidays."

In other efforts to decipher the meaning of patterns of malicious activity spotted on customer networks, FireEye also pointed out that of the thousands of malware families, the top 50 generated 80% of successful malware infections. FireEye cited the toolkit called Blackhole as a prominent criminally used toolkit in 2011 to "drop" malware on vulnerable machines.

FireEye's report identifies various information-stealing programs, calling out the six top malware programs in 2011 as Zbot, Sality, LdPinch, Licat, Zegost and Clampi.

Interestingly, the well-known Conficker worm "continues to remain one of the more popular worms infecting machines worldwide," even three years after it was first detected.

Based on its detection methods, FireEye believes more than 95% of enterprises had malicious infections somewhere in their networks each week, while 80% averaged an infection rate of more than 75 per week.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

More about: Citadel, FireEye, IDG, LAN, Phoenix
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: anti-malware, FireEye, malware, security, Threat Report
ARN Directory | Distributors relevant to this article
WhiteGold Solutions
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/avg/2011-02-25_368_avg-wants-you
AVG (AU/NZ) Pty Ltd

AVG Wants You!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.