Mobile Menu icon

Whatever you need we've got IT covered.

Our highly experienced support team are capable of handling any IT support issue, so you can relax and concentrate on making your business a success.

In the event of any problems, our standard support hours are 9am-5.30pm, Monday-Thursday, and until 5.00pm on Friday. We offer an extended hours contract whereby the support hours become 8am-6pm, Monday-Friday. If you need a quick solution to a technical problem, then our live remote-assistance tool can help. A member of our dedicated support team can liaise directly with you to find the answer to your question.

Step One - Call 0844 800 4456

CLICK HERE FOR LIVE REMOTE ASSISTANCE

×

Support Form

If you are in need of support please fill in the form below or call us on 0844 800 4456

×

Contact Us

London Office:

Main number: 020 3507 1920

Sales number: 020 3507 1922

Technical support: 0844 800 4456

Essex Office:

Main number: 01268 494 100

Sales number: 01268 494 160

Technical support: 0844 800 4456

×

Blogs

Spear-phishing - how to reel in the problem

There are many different types of Cyber-attack but the most popular and successful is spear-phishing. The technique has been around for a while but with advent of social media the rate of success has increased. The information that we freely post on social media sites can be very helpful to cyber criminals.

Spear-phishing is a well-structured and multi-faceted Cyber-attack and one that can require a lot of preparation although even this aspect is becoming more automated. There are typically 7 stages of attack and these are explained below.

1. Reconnaissance of the target’s weaknesses.

In order to get beyond a target’s defences whether technology or user based, the attacker will attempt to use information gained from a number of possible sources to lure the user into opening an attachment, typically, that is carrying the malware or code. Social media has unwittingly become a very helpful source of information enabling attackers to leverage relationships or simple personal information such as holidays to create the harmless looking message.

2. Creating the code or weapon.

This stage is also referred to as weaponisation where the attacker designs code to enable the user’s machine to be accessed in one or more different ways and to possibly carry out specific tasks.

3. Delivery of the ‘Weapon’.

The delivery method preferred is via email either as code built into an attachment or where the email provides a URL link to a website that will deliver the code, the latter is termed as a waterhole.

4. Exploitation of the user PC.

Once the malware code has been successfully delivered to the user’s machine, the code will perform the designed tasks by hiding itself beyond the reach of anti-malware software protection. The tasks may be designed to delay activation but will be designed to be inconspicuous when in operation.

5. Installation of communications software

Having gained access to the initial user’s machine the malware will, if so designed, infect as many other machines within the network as possible and thereby creating a complete network of infected machines and without being discovered. As part of this phase malware will be installed enabling the attacker to directly communicate with any of the infected machines.

6. Taking control of the systems

The next step enables the attacker wander around the network establishing control over the network components and in particular access to data depositories.

7. Action the objectives.

The final stage will be to carry out the original purpose(s) of the attack. The purposes will only become clear once the tack has been completed and some cases, there may be a time delay before any signs of an attack become obvious. The objectives could include the extraction of valuable data; the destruction of data; the continuous feeding of data; and so on.

The combination of anti-malware technology; user training; and continuous vigilance will help the reduce the likelihood of a successful attack but businesses need to be prepared to defend but also to plan how best to recover from a successful attack as well.

For more information and assistance in this area contact us on 01268-494160 or email maria.west@yellowspring.co.uk

back

Latest News

Disaster Recovery planning is so important for your business, so take the time now to view

Read more

Security professionals have adopted more sophisticated ways of keeping themselves safe from cyber attackers. Despite

Read more

Maintaining business as usual in a connected world is dependent upon our ability to communicate

Read more