Spear-phishing - how to reel in the problem
There are many different types of cyber-attack, but the most popular and successful is spear-phishing. The technique has been around for a while, but with the advent of social media the rate of success has increased. The information that we freely post on social media sites can be very helpful to cyber criminals.
Spear-phishing is a well-structured and multi-faceted cyber-attack, and one that can require a lot of preparation, although even this aspect is becoming more automated. There are typically 7 stages of attack, and these are explained below.
1. Reconnaissance of the target’s weaknesses.
In order to get beyond a target’s defences, whether technology or user based, the attacker will attempt to use information gained from a number of possible sources to lure the user into opening, typically, an attachment that carries the malware or code. Social media has unwittingly become a very helpful source of information, enabling attackers to leverage relationships or simple personal information such as holidays to create a harmless-looking message.
2. Creating the code or weapon.
This stage is also referred to as weaponisation, where the attacker designs code to enable the user’s machine to be accessed in one or more different ways and possibly to carry out specific tasks.
3. Delivery of the ‘Weapon’.
The preferred delivery method is email, either as code built into an attachment or as a URL link to a website that will deliver the code; the latter is termed a waterhole.
4. Exploitation of the user PC.
Once the malware code has been successfully delivered to the user’s machine, the code will perform the designed tasks by hiding itself beyond the reach of anti-malware software protection. The tasks may be designed to delay activation but will be designed to be inconspicuous when in operation.
5. Installation of communications software.
Having gained access to the initial user’s machine, the malware will, if so designed, infect as many other machines within the network as possible, thereby creating a complete network of infected machines without being discovered. As part of this phase, malware will be installed that enables the attacker to communicate directly with any of the infected machines.
6. Taking control of the systems.
The next step enables the attacker to wander around the network, establishing control over the network components and, in particular, access to data depositories.
7. Action the objectives.
The final stage will be to carry out the original purpose(s) of the attack. The purposes will only become clear once the attack has been completed and, in some cases, there may be a time delay before any signs of an attack become obvious. The objectives could include the extraction of valuable data; the destruction of data; the continuous feeding of data; and so on.
The combination of anti-malware technology, user training and continuous vigilance will help reduce the likelihood of a successful attack, but businesses need to be prepared not only to defend but also to plan how best to recover from a successful attack.
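As an added illustration of the technology side of that defence (not code from the original article), the Python example below checks an inbound email for the two delivery routes described in stage 3: an attachment of a risky type, and a link whose visible text names a different host from the one it actually opens. The extension list, the function names and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Assumption: an illustrative, non-exhaustive list of executable or macro-capable types.
RISKY_EXT = {".exe", ".js", ".scr", ".hta", ".lnk", ".iso", ".docm", ".xlsm"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

# Constructed sample message (all names and domains are made up).
SAMPLE = """\
From: "Travel Desk" <travel@example.test>
Subject: Your holiday booking
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Confirm at <a href="http://login.example.invalid/confirm">www.example.test</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="itinerary.docm"

constructed placeholder body
--b1--
"""

def host(value):
    value = value.strip()
    url = value if "://" in value else "http://" + value
    return (urlparse(url).hostname or "").lower()

def delivery_findings(raw):
    msg = message_from_string(raw, policy=default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in RISKY_EXT:
                findings.append(("attachment", name))
        elif part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                shown = re.sub(r"<[^>]+>", "", text).strip()
                # Compare only when the visible text itself looks like a host or URL.
                if HOSTLIKE.match(shown) and host(shown) != host(href):
                    findings.append(("link", f"{shown} -> {host(href)}"))
    return findings
```

Calling `delivery_findings(SAMPLE)` reports both the mismatched link and the macro-enabled attachment; a message with neither returns an empty list.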
For more information and assistance in this area contact us on 01268-494160 or email firstname.lastname@example.org