How does it work?
This inherently provides 'good' reputation characteristics to the emails, helping them evade any reputation-based detection approach. To prolong the attack's time-to-detection, attackers ensure that the compromised site delivers 'polymorphic' malware to user machines: every user receives a unique version of the malware, which defeats the value of any new signatures created once the attack starts to be detected.

How can I protect against it?
Given the sophistication of the content and the compromised infrastructure typically seen in Longlining attacks, combatting these threats with a Big Data-driven security solution is likely to be more effective. Such a solution should not rely solely on signatures and reputation controls. Its goal should be to look for patterns in historical traffic, analyze new traffic in real time, and predict which items need to be analyzed in a cloud-based advanced malware detection service.
Look for a security solution that can identify mass-customized campaigns targeting multiple companies at the same time, pick out the characteristics they share to form a pattern, and proactively sandbox these threats so that the pattern can be declared malicious, which improves detection. The security solution should also have an approach for managing the messages that do get through: with Longlining attacks typically capable of more than 800,000 messages per minute, many will reach users. It should be able to rewrite the URLs in those messages and predictively sandbox suspicious URLs, so that recipients are blocked from reaching a malicious destination once advanced malware detection has confirmed the destination website to be bad. This minimizes the effort required for clean-up and remediation.
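The URL-rewriting approach described above, as an added illustration that is not code from the original article or from any vendor's product: links in a delivered message are replaced with authenticated redirector links, and the redirector consults the latest sandbox verdict at click time, so a destination confirmed malicious after delivery can still be blocked. The redirector host, shared key and sample message are constructed for this example.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlparse

# Hypothetical shared secret and redirector host, constructed for this example only.
SECRET = b"example-rewrite-key"
REDIRECTOR = "https://urldefense.example.test/click"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample message body containing two links.
SAMPLE = "Your invoice: http://billing.example.test/inv/9981 and https://ok.example.test/a"


def _token(url: str) -> str:
    """Encode the original URL and attach an HMAC so the redirector is not an open redirect."""
    enc = base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
    mac = hmac.new(SECRET, enc.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{enc}.{mac}"


def rewrite_urls(body: str) -> str:
    """Replace every URL in a message body with a redirector link that can be vetoed later."""
    return URL_RE.sub(lambda m: f"{REDIRECTOR}?u={_token(m.group(0))}", body)


def resolve_click(rewritten: str, verdicts: dict) -> tuple:
    """At click time: verify the token, then apply the current sandbox verdict for the host.

    Returns ("allow", original_url) or ("block", original_url_or_None).
    """
    token = parse_qs(urlparse(rewritten).query).get("u", [""])[0]
    enc, _, mac = token.partition(".")
    expected = hmac.new(SECRET, enc.encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(mac, expected):
        return ("block", None)  # forged or tampered link: never redirect
    original = base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4)).decode()
    host = urlparse(original).hostname
    # The verdict store is updated by the sandbox after delivery; unknown hosts are allowed.
    if verdicts.get(host) == "malicious":
        return ("block", original)
    return ("allow", original)
```

Because the verdict lookup happens at click time rather than at delivery, a sandbox result that arrives minutes after the message was delivered still protects every recipient who has not yet clicked.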