Risk
5/13/2014
12:00 PM
Rohyt Belani
Rohyt Belani
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Infographic: The Story Of A Phish

Are your employees like Troy, blissfully unaware of the dangers of spear phishing?

Spear phishing has gained wide acceptance across the security industry as the majority source of cyber-attacks. How do adversaries develop spear phishing emails? Attackers target specific organizations that offer information of strategic or economic value. Once a target organization has been identified, attackers will use social media and publicly available information to research employees of that organization to target with a spear phishing email.

Spear phishing typically targets lower and mid-level employees -- like Troy in the infograhic we developed at PhishMe, a security awareness training company -- instead of high-level executives or IT operators. The massive amount of information available on social networks gives attackers plenty of fodder to craft highly personalized emails, as is illustrated in Troy's story.

Spear phishing campaigns like this one can be used to execute drive-by attacks with a malicious link, drop malware on to the network with an email attachment, or gather login credentials through old-fashioned social engineering. Attackers can exploit zero-day vulnerabilities to bypass anti-virus measures and drop malware on to the target network, but they may also avoid malware altogether.

These emails will attempt to exploit emotions (such as greed, fear, or curiosity), spoof reputable organizations (like a recipient's bank), or reference current events to appeal to recipients. The sheer volume of emails being sent every day often allows spear phishing emails to slip past spam filters and into employee inboxes.

Like Troy, most recipients will open and read a spear phishing email within hours -- if not minutes -- of receiving it, allowing attackers to gain a foothold quickly in the target network and begin their operations. With cybercrime costing organizations an average increasing from $8.9 million to $11.6 million from 2012 to 2013, organizations can expect adversaries to continue carrying out cyber-attacks by targeting users through spear phishing.

How are you educating users about the dangers of spear phishing. Let's chat about it on the comments.

Rohyt has over a decade of experience in the information security industry, with prior roles including co-founder and CEO of Intrepidus Group (acquired by NCC Group), Managing Director at Mandiant (acquired by FireEye), Principal Consultant at Foundstone (acquired by McAfee), ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JérômeM921
50%
50%
JérômeM921,
User Rank: Apprentice
5/14/2014 | 1:29:22 AM
tetraupload.com
Tetraupload VPN 
This is why we must use a very good vpn like TetraUpload VPN  http://tetraupload.com  

Encrypt my data and secure my internet connection! 
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
5/13/2014 | 4:03:35 PM
Re: Phish tale
Big point being, Phishers use social media to get information about users. This should be a lesson for all, don't put too much information on social media. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/13/2014 | 12:19:54 PM
Phish tale
"Troy's" story makes a strong case about how vulnerable employees are in the daily work grind of work, email and social media. It was interesting to me that 40 percent of cyber attacks were targeted  towards the utility industry. Are those phishing attacks or just attacks in general? 
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.