Risk
5/13/2014
12:00 PM
Rohyt Belani
Rohyt Belani
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Infographic: The Story Of A Phish

Are your employees like Troy, blissfully unaware of the dangers of spear phishing?

Spear phishing has gained wide acceptance across the security industry as the majority source of cyber-attacks. How do adversaries develop spear phishing emails? Attackers target specific organizations that offer information of strategic or economic value. Once a target organization has been identified, attackers will use social media and publicly available information to research employees of that organization to target with a spear phishing email.

Spear phishing typically targets lower and mid-level employees -- like Troy in the infograhic we developed at PhishMe, a security awareness training company -- instead of high-level executives or IT operators. The massive amount of information available on social networks gives attackers plenty of fodder to craft highly personalized emails, as is illustrated in Troy's story.

Spear phishing campaigns like this one can be used to execute drive-by attacks with a malicious link, drop malware on to the network with an email attachment, or gather login credentials through old-fashioned social engineering. Attackers can exploit zero-day vulnerabilities to bypass anti-virus measures and drop malware on to the target network, but they may also avoid malware altogether.

These emails will attempt to exploit emotions (such as greed, fear, or curiosity), spoof reputable organizations (like a recipient's bank), or reference current events to appeal to recipients. The sheer volume of emails being sent every day often allows spear phishing emails to slip past spam filters and into employee inboxes.

Like Troy, most recipients will open and read a spear phishing email within hours -- if not minutes -- of receiving it, allowing attackers to gain a foothold quickly in the target network and begin their operations. With cybercrime costing organizations an average increasing from $8.9 million to $11.6 million from 2012 to 2013, organizations can expect adversaries to continue carrying out cyber-attacks by targeting users through spear phishing.

How are you educating users about the dangers of spear phishing. Let's chat about it on the comments.

Rohyt has over a decade of experience in the information security industry, with prior roles including co-founder and CEO of Intrepidus Group (acquired by NCC Group), Managing Director at Mandiant (acquired by FireEye), Principal Consultant at Foundstone (acquired by McAfee), ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JérômeM921
50%
50%
JérômeM921,
User Rank: Apprentice
5/14/2014 | 1:29:22 AM
tetraupload.com
Tetraupload VPN 
This is why we must use a very good vpn like TetraUpload VPN  http://tetraupload.com  

Encrypt my data and secure my internet connection! 
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
5/13/2014 | 4:03:35 PM
Re: Phish tale
Big point being, Phishers use social media to get information about users. This should be a lesson for all, don't put too much information on social media. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/13/2014 | 12:19:54 PM
Phish tale
"Troy's" story makes a strong case about how vulnerable employees are in the daily work grind of work, email and social media. It was interesting to me that 40 percent of cyber attacks were targeted  towards the utility industry. Are those phishing attacks or just attacks in general? 
More Blogs from Commentary
Ram Scraper Malware: Why PCI DSS Can't Fix Retail
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
Infographic: With BYOD, Mobile Is The New Desktop
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
Internet of Things: Security For A World Of Ubiquitous Computing
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
CEO Report Card: Low Grades for Risk Management
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.