May 17, 2014
Spear Phishing Attack
-Hari V
Spear Phishing Attacks

null Hyderabad Chapter - May 2014 Meet

Transcript of "Spear Phishing Attacks"

  1. May 17, 2014. Spear Phishing Attack - Hari V
  2. Phishing is a social engineering tactic where the attacker attempts to get a user to divulge sensitive information (like username/password, bank account number, personal information, etc.) or go to a malicious website where such information can be harvested. It uses "bait" such as telling the user that they are their bank asking for the information or posing as some other authority like the system administrator. Usually it is delivered by email or Instant Messenger. Spear phishing is a subset of phishing. Whereas general phishing targets a wide range of people trying to get some of them to divulge general information, spear phishing targets key individuals who are expected to have very special access or information that the attacker wants. It could be a company executive or a military officer. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Topics Covered. 5/13/2014
  3. Why spear phishing:
     • Spear phishing is the easiest and most direct method to breach highly secured networks.
     • Phishing attacks are very common, and many systems and networks have defense mechanisms enabled against them.
     • The success rate is very high because users know about phishing attacks but are unaware of spear phishing attacks.
     • Spear phishing is part of social engineering.
     • No cost at all, no tracking back.
     • Increased use of social networking has made it very easy and reliable for hackers: personal data, co-employees, locations, phone numbers, email IDs.
  4. Attack methodology steps:
     • Performing reconnaissance
     • Scanning and enumeration
     • Gaining access
     • Escalation of privilege
     • Maintaining access
     • Covering tracks and placing backdoors
  5. Spear phishing:
     • It bypasses all of the traditional attack methodology.
     • It gets direct front-door entrance access.
     There is no patch for human mistakes.
  6. It is delivered just by email/link/attachment, the same as phishing; the only difference is that this attack is specific to targeted domains and targeted victims.
     • Targeted email
     • From someone you trust (patient attacker)
     • About something you are interested in, like, or trust
  7. The attacker gathers all the knowledge available about the victim (user/company). This knowledge includes his/her likes, dislikes, interests, favorites, hobbies, personal information, address, etc. Where does the attacker get all this information from? Well, everyone knows the answer:
     1) Social networking sites
     2) Blogs
     3) Job portals
     4) Matrimonial sites
     5) Social engineering
  8. Now the attacker creates an email address similar to that of the victim's teammate, supervisor, the MD of the company, etc., but in a different domain. Below are a few examples:
     1) victimfullname@email.com
     2) Victimname.dob@email.com
     3) Victimpetname.city@email.com
     4) Victimname.company@email.com
     [Figure: real-time example]
  9. The attacker sends the email with the phishing link, using all the social engineering knowledge gained. In most of the common scenarios, the victim thinks that the email is from a friend, teammate, or boss. This is how the attacker gains the trust of the victim.
  10. Countermeasures:
     • Never use your personal email for work purposes.
     • Add spear phishing as part of your regular VAPT activity.
     • Establish policy and best practices for email usage.
     • Block all emails from domains other than your own??
  11. http://wiki.answers.com/Q/What_is_the_difference_between_phishing_and_spear_fishing
  12. Thank you. Impossible is later called as miracle, it's all about how you look at it. – Hari
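
Slide 8 describes sender addresses built from a colleague's name in a different domain, and slide 10 asks whether all outside domains should be blocked. A narrower check is to flag only outside senders that carry a staff member's name. This is an added example, not part of the original slides; the domains, staff names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organisation's mail domains and staff names.
ORG_DOMAINS = {"example.com"}
STAFF = {"Asha Rao", "Vikram Mehta"}

# Constructed sample messages (only the From header matters here).
SAMPLES = {
    "colleague": "From: Asha Rao <asha.rao@example.com>\nSubject: Minutes\n\nHi",
    "fake_display": "From: Asha Rao <hr.desk@mail.invalid>\nSubject: Urgent\n\nHi",
    "fake_local": "From: asha.rao1985@mail.invalid\nSubject: Photos\n\nHi",
    "vendor": "From: Billing <billing@vendor.invalid>\nSubject: Invoice\n\nHi",
}


def _squash(text):
    """Keep letters only, so 'asha.rao1985' and 'Asha Rao' both give 'asharao'."""
    return re.sub(r"[^a-z]", "", text.lower())


def classify_sender(raw_message):
    """Return (verdict, reason) for the From header of one raw message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    if "@" not in addr:
        return "suspicious", "missing or unparseable From address"
    local, domain = addr.rsplit("@", 1)
    if domain.lower() in ORG_DOMAINS:
        return "internal", "sender uses an organisation domain"
    for person in sorted(STAFF):
        name = _squash(person)
        # A colleague's name in the display name, but an outside domain.
        if name in _squash(display):
            return "suspicious", f"display name claims {person} from {domain}"
        # A colleague's name inside the local part (fullname, name.dob, ...).
        if name in _squash(local):
            return "suspicious", f"address imitates {person} at {domain}"
    return "external", "no staff name in sender"


def scan(samples):
    """Map each sample label to its verdict."""
    return {label: classify_sender(raw)[0] for label, raw in samples.items()}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_sender(raw))
```

This covers only the lookalike-address case from slide 8; a message that forges the organisation's own domain in From is classed as internal here and needs SPF, DKIM and DMARC enforcement at the mail gateway.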