It’s the last thing security professionals want to see: A new hacking method that makes it even harder to detect suspect code in emails. The method is actually a stealthy combination of two favorite attack modes, and it shows that hackers are pulling out all the stops to ensnare computer users in their webs. Phishing and spear phishing have long been thought to be mutually exclusive hacking tricks, but cybercrooks have found a way to combine the two in a technique called longline phishing.
“The technique allows you to hit a lot of people very quickly and largely go undetected,” Dave Jevans, founder and CTO of Marble Security and founder of the Anti-Phishing Work Group, told TechNewsWorld.
With spear phishing, which is typically used as a vehicle for advanced persistent threat attacks like the recent one on The New York Times, a select group of connected people are targeted with a highly credible email message based on extensive research of the targets’ backgrounds. “With longlining, you can get hundreds of people exposed to a website that will infect their computers,” Jevans noted.
He explained that longliners — named after commercial fishermen who use long lines of hooks to catch fish — might send 100,000 emails from 50,000 IP addresses, which makes it difficult to identify an email from a particular server as hacking bait.