October 24, 2012
The top words cybercriminals use create a sense of urgency, to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping, according to FireEye.
Urgent terms such as "notification" and "alert" are included in about 10 percent of attacks. An example of a malicious attachment is "UPS-Delivery-Confirmation-Alert_April-2012.zip."
"Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work," said Ashar Aziz, founder and CEO, FireEye. "Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defenses."
Cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as "Lloyds TSB - Login Form.html," and tax-related words, such as "Tax_Refund.zip." Travel and billing words including "American Airlines Ticket" and "invoice" are also popular spear phishing email attachment key words.
Spear phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalize emails and make them look mostly authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminal access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets.
FireEye highlights that cybercriminals primarily use zip files in order to hide malicious code, but also ranks additional file types, including PDFs and executable files.