12:00 PM
Rohyt Belani

Infographic: The Story Of A Phish

Are your employees like Troy, blissfully unaware of the dangers of spear phishing?

Spear phishing is widely accepted across the security industry as the source of the majority of cyber-attacks. How do adversaries develop spear phishing emails? Attackers target specific organizations that offer information of strategic or economic value. Once a target organization has been identified, attackers use social media and publicly available information to research that organization's employees and decide whom to target with a spear phishing email.

Spear phishing typically targets lower and mid-level employees -- like Troy in the infographic we developed at PhishMe, a security awareness training company -- instead of high-level executives or IT operators. The massive amount of information available on social networks gives attackers plenty of fodder to craft highly personalized emails, as is illustrated in Troy's story.

Spear phishing campaigns like this one can be used to execute drive-by attacks with a malicious link, drop malware onto the network with an email attachment, or gather login credentials through old-fashioned social engineering. Attackers can exploit zero-day vulnerabilities to bypass anti-virus measures and drop malware onto the target network, but they may also avoid malware altogether.

These emails will attempt to exploit emotions (such as greed, fear, or curiosity), spoof reputable organizations (like a recipient's bank), or reference current events to appeal to recipients. The sheer volume of emails being sent every day often allows spear phishing emails to slip past spam filters and into employee inboxes.

Like Troy, most recipients will open and read a spear phishing email within hours -- if not minutes -- of receiving it, allowing attackers to gain a foothold quickly in the target network and begin their operations. With the average cost of cybercrime to organizations increasing from $8.9 million to $11.6 million from 2012 to 2013, organizations can expect adversaries to continue carrying out cyber-attacks by targeting users through spear phishing.

How are you educating users about the dangers of spear phishing? Let's chat about it in the comments.

Rohyt has over a decade of experience in the information security industry, with prior roles including co-founder and CEO of Intrepidus Group (acquired by NCC Group), Managing Director at Mandiant (acquired by FireEye), Principal Consultant at Foundstone (acquired by McAfee), ...
User Rank: Apprentice
5/14/2014 | 1:29:22 AM
Tetraupload VPN 
This is why we must use a very good vpn like TetraUpload VPN  http://tetraupload.com  

Encrypt my data and secure my internet connection! 
Randy Naramore,
User Rank: Ninja
5/13/2014 | 4:03:35 PM
Re: Phish tale
Big point being, phishers use social media to get information about users. This should be a lesson for all: don't put too much information on social media.
Marilyn Cohodas,
User Rank: Strategist
5/13/2014 | 12:19:54 PM
Phish tale
"Troy's" story makes a strong case about how vulnerable employees are in the daily work grind of work, email and social media. It was interesting to me that 40 percent of cyber attacks were targeted towards the utility industry. Are those phishing attacks or just attacks in general?