Are You Familiar With These Terms?

Written by Jeff on March 8, 2013

When it comes to security, there is no shortage of jargon that gets tossed around the blogs and forums. Much of it comes from the threat landscape growing and changing so fast that new attack methods are introduced on a frequent basis.

Just recently, the world of email security found itself adding two new terms to its lexicon. Both of these terms describe new twists on an old standby, phishing.

Phishing is one of the primary methods used for compromising computer assets. Anyone who read the recent Mandiant report knows that someone in your organization falling for a phishing email can have serious repercussions for the entire organization. These new approaches to phishing can present some real challenges.

Waterholing

One way that anti-spam solutions find, and block, malicious emails is by looking at their links. If any URLs in the email content point to known malicious sites, the email is blocked.

To circumvent this, attackers began using two techniques that became known as waterholing. The first method is to include a clean domain in the URL that is embedded in the email. When the recipient clicks this link, they are taken to the original website, but then immediately redirected to another site. This can be the malicious site or the attacker could mask his or her actions by redirecting a few more times before the victim reaches the malicious site.

The second approach to waterholing is when the attacker sends out a phishing email with a link to a site. At first, the web site is free of malware so nothing arouses suspicion. Later, the attacker uploads the malware to the site so people who click on a link a short time later will arrive at the malicious site. Typically, the attacker will send the phishing email out on a Friday night with a benign URL so that it makes its way through the filters. Over the weekend, the attacker can upload any malware to the site so that when the victims arrive at work on Monday morning the link, which once pointed to a clean web site, can now infect the victim’s computer.
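The defensive counterpart to both techniques, as an added example that is not part of the original post: a link check that inspects every hop of the redirect chain and is repeated at click time instead of only at delivery. The blocklist, the simulated "web" on Friday and Monday, and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: one known-bad host and a simulated web whose
# content changes between delivery (Friday) and click time (Monday).
BLOCKLIST = {"malware.example"}
WEB_FRIDAY = {
    "http://clean.example/promo": ("redirect", "http://hop1.example/r"),
    "http://hop1.example/r": ("redirect", "http://malware.example/kit"),
    "http://malware.example/kit": ("page", "payload"),
    "http://later.example/news": ("page", "benign"),
}
# Over the weekend the once-benign page starts redirecting to the bad host.
WEB_MONDAY = dict(WEB_FRIDAY)
WEB_MONDAY["http://later.example/news"] = ("redirect", "http://malware.example/kit")

MAX_HOPS = 5


def resolve_chain(url, web, max_hops=MAX_HOPS):
    """Follow redirects in the simulated web.

    Returns (chain, resolved): every URL visited, and whether a final
    page was reached without a loop or exceeding max_hops.
    """
    chain = [url]
    while True:
        kind, target = web.get(chain[-1], ("page", "unknown"))
        if kind != "redirect":
            return chain, True
        if target in chain or len(chain) > max_hops:
            return chain, False  # redirect loop or too many hops
        chain.append(target)


def verdict(url, web, follow_redirects):
    """Return 'block' or 'allow' for a link, as a mail filter would."""
    if follow_redirects:
        chain, resolved = resolve_chain(url, web)
    else:
        chain, resolved = [url], True  # naive check: embedded URL only
    if not resolved:
        return "block"  # fail closed on chains that cannot be resolved
    hosts = [urlsplit(u).hostname for u in chain]
    return "block" if any(h in BLOCKLIST for h in hosts) else "allow"
```

Checking only the embedded URL misses the first technique, and any check made only at delivery misses the second; the same `verdict` call run against the Monday state catches the link that was clean on Friday.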

Longlining

This term just recently made its way into the vocabulary of security professionals. It basically describes the coming together of the different types of phishing. You see, consumer-based phishing relies on the old tactic of casting a wide net in hopes of catching something. Phishers will send out millions of emails in hopes that they are able to catch some victims off guard. Fortunately, these emails are easy to spot. After all, if you receive an email that informs you of problems with your account at XYZ bank, but you don’t have an account with XYZ bank, odds are you aren’t going to fall for the trick.

Spear phishing, on the other hand, relies on the ability of the attacker to personalize an email message as much as possible. The drawback for this tactic is that they can’t send their email to as many people – hence the term spear-phishing.

Longlining brings the “best” of these two worlds together. Using this tactic, the attacker can personalize the emails he or she is sending and still send them to a large number of people. Just like its namesake in the real world, longlining allows the attacker to cast a wider net than a traditional spear phishing campaign, while still using individual pieces of bait for each victim.

Understanding the different terms used in email security is not only pertinent to understanding the risks associated with email, but it is essential in understanding how to protect your organization, and users, against these threats. Knowing the names of the different attack methods, as well as how they work, will help you choose the right tools to keep you and your assets safer from these sophisticated attacks.

Comments

Claudia March 14, 2013

Longlining sounds kind of scary, maybe because it already brings together two different types of phishing. I guess if the mail sounds personalized, users will surely pay more attention and start to doubt whether they’re receiving something that’s real or not. I have received something that is quite like it, and mind you, I kept it for days though I didn’t really open it. But I kept it. It means at that level they were successful in making me think they could be real. It doesn’t come as a surprise anymore why a lot of people these days are messed up by phishing.

Kurt March 17, 2013

I use my email for work and almost became a victim of these security robbers. I was about to click a link promising to take me to a website offering discounts for a product I wanted when my friend warned me against it. His computer was compromised after he clicked a seemingly clean URL somebody emailed him. His computer was heavily infected. So, yes, I share your opinion that one should understand email risks and protection. I’d like to add that knowing the latest updates in email security will also help prevent attacks, especially since new malware can crop up anytime.

Francis March 20, 2013

No, I’m not, but it’s a good thing that you came up with this list. My, there are still a lot of things I don’t know about spam, or maybe new ones have cropped up. Either way, it’s essential for anyone to be knowledgeable about the different security threats online. Knowledge will be our first weapon against them. When we know what they are and how they operate, we can then determine the best possible solution to end the problem. I hope you’ll come up with more of this type of list very soon.

Leslie March 22, 2013

Hi, Kurt, it’s a good thing that your friend was able to recognize the problem, especially the source. Infection can be caused by a lot of things, not only URLs or other attachments found in e-mails. His knowledge, though he had to learn it the bad way, will help him become wiser when it comes to managing e-mail. I would like to know, however, what he did afterward. Did he install an anti-spam filter? What did he use? What specific effect does the malware have on his computer? Did it slow the system down?

Kurt May 1, 2013

Hi, Leslie! My friend did not really specify what happened to his computer. He just told me it slowed down significantly. I think a lot of his files were also corrupted. That was actually his main worry and complaint. One of our friends from college, who’s into computers and stuff, installed an anti-spam filter, though I’ve yet to ask him what kind it is. It’s an automatic thing; the one that instantly scans your computer and detects spam. My friend’s happy with how things are going now. And we’re both trying to learn all that we can about email security.
