Connect with us

Hi, what are you looking for?



Spear Phishing Hooked Businesses Big and Small in 2013: Symantec Report

Some of the most sophisticated attacks don’t start with malware; instead, they start with a spear phishing email.

Some of the most sophisticated attacks don’t start with malware; instead, they start with a spear phishing email.

In Symantec’s latest Internet Security Threat Report, the company revealed that targeted attacks aimed at small businesses (1-250 employees) accounted for 30 percent of targeted spear-phishing attacks detected in 2013. One in five small business organizations were targeted with at least one spear-phishing email. News was not much better for large enterprises. According to Symantec, 39 percent of targeted spear-phishing attacks were sent to enterprises with more than 2,500 employees. One out of two large enterprises was targeted with at least one such attack.

“While the total number of emails used per campaign and the number of those targeted has also decreased, the number of spear-phishing campaigns themselves saw a dramatic 91 percent rise in 2013,” according to the report.

“The frontline in these attacks is moving along the supply chain and large enterprises may be targeted through Web-based watering hole attacks should email-based spear-phishing attacks fail to yield the desired results,” the report continued.

Roughly one in three organizations in the mining, government and manufacturing sectors were hit by at least one spear-phishing attack during 2013. The government sector alone was the target of 16 percent of spear-phishing blocked last year, Symantec reported.

“Traditionally, manufacturing and mining companies have not had to worry about information security threats as much as say, financial services, as the primary adversaries were cybercriminals,” said Rohyt Belani, CEO and co-founder of PhishMe. “However, with the rise of the nation-state actors these industries are under constant attack as the proverbial ‘pot of gold’ of proprietary information and intellectual property is very lucrative. The lack of an IT savvy workforce and appropriate budgets to fund cyber-security efforts further exacerbate the problem.”

Overall, the number of spear-phishing emails detected by Symantec fell from 116 a day in 2012 to 83 a day in 2013. Two of the most common words in those emails were order and payment.

“One mega breach can be worth 50 smaller attacks,” said Kevin Haley, director of Symantec Security Response, in a statement. “While the level of sophistication continues to grow among attackers, what was surprising last year was their willingness to be a lot more patient – waiting to strike until the reward is bigger and better.”

Advertisement. Scroll to continue reading.

There was more than a 62 percent increase in the number of data breaches compared to 2012, resulting in more than 552 million identities being exposed.

“Security incidents, managed well, can actually enhance customer perceptions of a company; managed poorly, they can be devastating,” noted Ed Ferrara, vice president and principal analyst at Forrester Research, in a statement. “If customers lose trust in a company because of the way the business handles personal data and privacy, they will easily take their business elsewhere.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

Fraud & Identity Theft

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...


Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...


The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...


A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...