Spear Phishing in the News


Spear phishing scams and major hacking operations were some of the biggest news stories in 2016. Voter databases were hacked during the election and even a major transportation agency had a breach. Unfortunately, it doesn’t look like things will be slowing down in the new year. Just as we were leaving 2016 behind, three more major cybercrimes were uncovered.

The cost of CyberCrime will rise to $2.1 trillion in the next 2 years.

Chinese Hackers

Throughout 2014 and 2015, three Chinese hackers infiltrated the systems of seven New York law firms and gained access to confidential information. This data was the utilized for multiple insider trading deals. The three criminals made about $4 million from their efforts, and are now being charged with hacking and insider trading by the US Security and Exchanges Commission (SEC).

Chinese hackers made $4 million through insider trading deals after hacking and stealing information from NY law firms.

The Attack

Although seven law firms associated with three different companies were involved, the same tactics were used in all of the breaches.

  • Starts with a Spear Phishing Email: A hacker obtained login credentials from an individual at the firm, mostly likely through a spear phishing email
  • Malware: With this access, the hacker was able to install malware on the server, giving them full access to the email accounts of executives
  • Data Breach: With this malware installed the hackers were able to sift through emails for confidential data for trade dealings

These breaches were discovered using “enhanced trading surveillance and analysis capabilities” developed by the SEC in the last few years. The SEC is now freezing the assets of all three hackers, but this attack has shed light on just how catastrophic a breach like this can be.

Why did they target law firms?

“You are and will be the targets of cyber hacking, because you have information valuable to would-be criminals” Preet Bhara, U.S. Attorney for Manhattan

It’s not just law firms that are targets, but any company that handles valuable or confidential information to have the proper security precautions in place.

Vermont Utility

In late December, the Washington Post reported that malware code previously associated with Russian hacking attempts had made its way onto a computer connected to the Vermont Utility grid. Although this statement was later revised to state that the code was discovered on a computer that was not directly connected to the grid, it still exposed a major vulnerability.

Russian hackers installed malware on a laptop after obtaining credentials through spear phishing emails.

The hackers gained access to the system by sending spear phishing emails that tricked recipients into revealing their passwords. The malicious code was discovered during routine monitoring, after which Burlington Electric isolated the laptop and immediately alerted the authorities.

What does this mean?

It is no secret that Russia has an ongoing campaign of cybercrime against the United States. What is not clear, however, is what their motives were with this particular attack. It is presumed that they either wanted to disrupt operations or test to see if they could penetrate the system for future attacks. Both of these scenarios could cause major disruptions to electricity and emergency services in that area.

National Health Service (NHS) Trust UK

Just as 2017 began, the largest hospital trust in the UK was infected with Trojan horse malware, (not ransomware as initially reported) interrupting operations at four hospitals around east London. The infection affected thousands of files on computers and servers running Windows XP, and most likely made its way into the system through a spear phishing email. Since this type of zero-day malware had never been seen before, the hospital’s typical email security systems were no match for an attack like this.

A zero-day Trojan horse malware virus infected thousands of patient files at four hospitals associated with the NHS Trust in the UK.

Although there were no reports about demands from the hackers, Ben Gummer, Minister for Cabinet, stated that “large quantities of sensitive data” were held from the NHS and Government. The hospitals made every effort to ensure patient care was not disrupted and attempted to remedy the situation immediately by turning off file sharing between departments and taking multiple drives offline.

Luckily, the precautions taken contained the attack from causing any serious damage, but the entire situation could have been prevented if the hospitals had been equipped with an email security system enhanced with artificial intelligence that can catch zero-day threats such as this Trojan.

It’s happened before.

The NHS was warned of a potential cyber-attack after another set of hospitals was targeted back in October. That attack was the result of phishing emails, and although the hospitals did not pay the ransom, it caused major service disruptions. The hospitals were forced to shut down all major systems, and halt operations for two days resulting in almost 3,000 appointments cancelled, including surgeries.

Attacks involving confidential health data of data aren’t just security issues, but patient health issues.

Spear Phishing Protection

What all these attacks have in common is the vulnerability of most organizations to a well-orchestrated spear phishing attack. With the proper security and training, every single one of these catastrophic attacks could have been prevented. Traditional email security is hopelessly broken and ineffective against spear phishing and zero-day attacks. That is why you need advanced email protection.

93% of data breaches start with an email attack.

Vade provides advanced email security powered by artificial intelligence. Domain verification, content analysis, style analysis, and dozens of additional factors are taken into account and sifted through by our A.I. security system to ensure that dangerous emails are kept away from your employees’ inbox until they are determined safe. Machine learning and artificial intelligence systems are constantly enhanced by input from our 24/7 global email security centers.

Want to learn more about the Vade Email Suite? Contact us today.