devanha digital security 2018
Anatomy of a spear phishing attack
Mark Mair CISSP CISA CCSP
What is phishing?
Definition
• Noun – the fraudulent practice of sending emails purporting to be from reputable sources in order to induce individuals to reveal personal or sensitive information, such as passwords and credit card numbers, or to carry out some other action, such as installing malicious software or otherwise bypassing security controls.
The scale of the problem
• Every day, 156 million phishing emails are sent. 15.6 million make it through spam filters, 8 million are opened, and 800,000 recipients click on the links.
Source: Symantec Security Technology and Response Group
What is spear phishing?
Definition
• Noun – the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information or carry out other actions.
It works because criminals have researched the target and constructed an email, voice mail or text message with a greatly increased likelihood of being actioned.
It’s based on knowing the target’s likes, interests, work history, education, job title, home address, hobbies, friends, professional acquaintances etc.
It’s done through research using freely available information.
Where do the criminals find this information?
The target organization’s website
Press releases
Social media
Professional memberships
Genealogy sites
Google
Scenario #1 – IP Theft
Criminals have identified the (fictitious) company Azimuth Drilling as a target.
• The company has developed a breakthrough technology that will revolutionize Oil & Gas exploration.
• The new technology is the result of many years of expensive R&D and field testing.
• Professional hackers have been engaged by an overseas competitor of Azimuth Drilling.
• The criminals’ objective is to gain access to Azimuth Drilling’s internal company network and steal engineering design drawings and field data.
Research
A quick search of the company’s website has identified “John Fenwick” as the director in charge of R&D.
A search of Companies House provides the criminals with the home address and age of all the directors, including John Fenwick.
A Google search has thrown up a picture of John at the annual Sub Sea Golf tournament, proudly holding a trophy.
A Google Street View search of John’s house reveals his 7 Series BMW parked in his driveway.
A search of 192.com reveals the names of John’s neighbours and how long they have lived next to each other.
Research continued…
• A check of Facebook for “John Fenwick” in Aberdeen throws up a few people with that name in that area.
• He is quickly identified by matching his profile picture with that of him holding a golf trophy in the press release.
• A check on his profile page under “family and relationships” reveals his mother’s and father’s names.
• With his mother’s and father’s names, a check on the marriage section of a popular genealogy site finds their marriage details. This includes his mother’s maiden name, a popular security question.
• The photos section of his Facebook account shows many pictures of John at various golfing events, skiing on holiday and scuba diving.
Research continued…
Switching to LinkedIn, the criminals are able to see other potentially useful information, such as:
Previous work history
Current and former work colleagues
University education
Industry groups he is a member of
The criminals now have:
• Identified a target
• Found his
  • full name
  • age
  • marital status
  • job title
  • employer
  • neighbours
  • previous work history
  • mother’s maiden name
  • hobbies and interests
  • the type of car he drives
  • the university he went to
  • when he graduated
  • what he graduated in
  • where he goes on holiday
  • and so the list goes on….
Pretexting
Armed with the information they now have, the criminals can create Spear Phishing emails targeted directly at John.
These include:
• An offer to test drive the new BMW 7 Series
• The chance to win a week’s golfing holiday in the Algarve
• A white paper on breakthrough technologies in Oil & Gas
• A link to a humorous website (compromised with malicious software) from a Facebook friend
• An invite to a reunion with old University friends
• An encrypted document from a colleague that requires he installs special reader software to open it
The Sting
The offer to test drive a new BMW, the golfing holiday in the Algarve and access to the industry white paper all require that he registers with the respective site making the offer.
If he uses the work email and password combination he uses to access the company network, he has just handed access to the company network to the criminals!
This type of scam uses professional-looking websites to dupe the target into handing over their credentials. The sites may often carry genuine information taken from legitimate websites and be aimed at multiple targets. This is known as a “Watering Hole”.
The Sting continued…
Visiting a compromised website could also install malicious software on John’s computer that would provide the criminals with all the access they need.
Installing the “reader app” for the encrypted document, apparently sent by a colleague, installs software that provides the criminals with direct access to the company network. This type of software will often be a “key logger” that records keystrokes on a keyboard. These would include other username and password combinations, as well as passwords to protected documents etc.
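What the spear phishing definition above (mail ostensibly from a known or trusted sender) and the “reader app” lure (a document apparently sent by a colleague) have in common is a From: header whose display name the recipient recognises while the address behind it is not that person’s. The following is an added example, not code from the deck or from Devanha, of a gateway-style check that flags that display-name impersonation and a Reply-To: domain that differs from the From: domain. The KNOWN_SENDERS directory, the .example domains and the three sample messages are constructed for the demonstration.

```python
"""Display-name impersonation check for inbound mail.

Hypothetical defender-side check (added example, not part of the Devanha
deck): flag a message whose From: display name matches a known colleague or
partner but whose address is not on that person's usual domain, and flag a
Reply-To: header that would send replies to a different domain from From:.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

# Constructed directory of display names -> the domain they normally send
# from (assumption: exported from the organisation's address book).
KNOWN_SENDERS = {
    "john fenwick": "azimuth-drilling.example",
    "jane smith": "azimuth-drilling.example",
}


def _domain(addr: str) -> str:
    """Lower-cased domain part of an email address ('' if there is none)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def check_headers(raw_message: str) -> list:
    """Return the findings for one RFC 5322 message; an empty list means nothing was flagged."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    findings = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)

    # A familiar name on an unfamiliar domain is the spear-phishing signature
    # the deck describes: the name is right, the mailbox is the criminal's.
    expected = KNOWN_SENDERS.get(display_name.strip().lower())
    if expected and from_domain != expected:
        findings.append(
            f"display-name impersonation: '{display_name}' normally sends from "
            f"@{expected}, this message is from @{from_domain}"
        )

    # Replies silently redirected to another domain are a second common tell.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, reply_addr = parseaddr(str(reply_to))
        if _domain(reply_addr) != from_domain:
            findings.append(
                f"reply-to mismatch: replies would go to @{_domain(reply_addr)}, "
                f"not @{from_domain}"
            )
    return findings


# Constructed sample messages (not real traffic).
SAMPLE_LEGIT = """\
From: John Fenwick <john.fenwick@azimuth-drilling.example>
To: staff@azimuth-drilling.example
Subject: Q3 field data

Attached.
"""

SAMPLE_IMPERSONATION = """\
From: John Fenwick <john.fenwick@mail-login.example>
To: staff@azimuth-drilling.example
Subject: Encrypted document - install reader to open

Please install the attached reader to view the document.
"""

SAMPLE_REPLY_TO = """\
From: Jane Smith <jane.smith@azimuth-drilling.example>
Reply-To: jane.smith@webmail-free.example
To: staff@azimuth-drilling.example
Subject: Invoice

See attached.
"""

if __name__ == "__main__":
    for label, raw in [("legit", SAMPLE_LEGIT),
                       ("impersonation", SAMPLE_IMPERSONATION),
                       ("reply-to", SAMPLE_REPLY_TO)]:
        print(label, check_headers(raw) or ["no findings"])
```

A message that passes this check is not thereby safe: a name missing from the directory, or a lookalike address for a sender nobody has listed, passes unflagged, so the check complements rather than replaces the staff awareness training the deck recommends.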
The impact
To gain access to the company network the criminals needed only one Spear Phishing email to be acted upon.
They were able to gain full access to the company’s network as the target was a director with network credentials to “access all areas”.
Many years of expensive R&D were now in the hands of the company’s competitor.
The release of a competing product based on Azimuth Drilling’s designs has lost them their market advantage and resulted in a steep fall in the value of the company.
Does this scenario seem far-fetched?
A “whaling attack” is identical to Spear Phishing; it’s just that the target and pay-off are far greater.
“My business is too small to be a target”
• It’s not just larger organisations that are impacted. In the past 18 months we have investigated:
• One micro business (3 users) that lost their entire business-related data to a Phishing-initiated Ransomware attack.
• A business that lost £1.2m to a Spear Phishing attack.
• An engineering company that had their entire (7 years’ worth of) R&D data stolen.
• A company that had its financial systems compromised and £500,000 diverted to overseas bank accounts controlled by the criminals.
• ALL of these attacks were the result of Phishing emails and could have been avoided had the staff in question understood the risks, methods and impact of phishing scams.
How can you stop these attacks?
Firstly, accept that cyber crime is here to stay. It is an unwinnable war.
• Each new technology offers criminals new opportunities to exploit weaknesses. The good guys will always be playing catch-up.
• Understand that the most expensive and sophisticated technical solutions to preventing cyber crime can be bypassed by the actions of a single employee or contractor.
• Education is the first line of defence. Put all staff & contractors that have access to the company’s IT systems through a security awareness training program. Make it part of the induction process.
• Regularly test your organization’s defences. This includes simulated phishing attacks to assess your staff’s susceptibility to this type of crime.
To find out more:
Visit http://devanha.com/training for examples of off-the-shelf and bespoke user awareness training.
If you have any questions contact me at:
• https://www.linkedin.com/in/markmair or
• enquiries@devanha.com or
• Call +44 (0)1224 060440
