devanha digital security 2018
Anatomy of a spear phishing attack
Mark Mair CISSP CISA CCSP
What is phishing?
Definition
- Noun – the fraudulent practice of sending emails purporting to be from reputable sources in order to induce individuals to reveal personal or sensitive information, such as passwords and credit card numbers, or to carry out some other action such as installing malicious software or otherwise bypassing security controls.
The scale of the problem
- Every day, 156 million phishing emails are sent. 15.6 million make it through spam filters, 8 million are opened, and 800,000 recipients click on the links.
Source: Symantec Security Technology and Response Group
What is spear phishing?
Definition
- Noun – the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information or carry out other actions.
It works because the criminals have researched the target and constructed an email, voice mail or text message with a greatly increased likelihood of being actioned.
It's based on knowing the target's likes, interests, work history, education, job title, home address, hobbies, friends, professional acquaintances etc.
It's done through research using freely available information.
Where do the criminals find this information?
- The target organization's website
- Press releases
- Social media
- Professional memberships
- Genealogy sites
- Google
Scenario #1 – IP Theft
Criminals have identified the (fictitious) company Azimuth Drilling as a target.
- The company has developed a breakthrough technology that will revolutionize Oil & Gas exploration.
- The new technology is the result of many years of expensive R&D and field testing.
- Professional hackers have been engaged by an overseas competitor of Azimuth Drilling.
- The criminals' objective is to gain access to Azimuth Drilling's internal company network and steal engineering design drawings and field data.
Research
A quick search of the company's website has identified "John Fenwick" as the director in charge of R&D.
A search of Companies House provides the criminals with the home address and age of all the directors, including John Fenwick.
A Google search has thrown up a picture of John at the annual Sub Sea Golf tournament, proudly holding a trophy.
A Google Street View search of John's house reveals his 7 Series BMW parked in his driveway.
A search of 192.com reveals the names of John's neighbours and how long they have lived next to each other.
Research continued…
- A check of Facebook for "John Fenwick" in Aberdeen throws up a few people with that name in that area.
- He is quickly identified by matching his profile picture with that of him holding a golf trophy in the press release.
- A check on his profile page under "family and relationships" reveals his mother's and father's names.
- With his mother's and father's names, a check on the marriage section of a popular genealogy site finds their marriage details. This includes his mother's maiden name, a popular security question.
- The photos section of his Facebook account shows many pictures of John at various golfing events, skiing on holiday and scuba diving.
Research continued…
Switching to LinkedIn, the criminals are able to see other potentially useful information, such as:
- Previous work history
- Current and former work colleagues
- University education
- Industry groups he is a member of
The criminals now have:
Identified a target and found his:
- full name
- age
- marital status
- job title
- employer
- neighbours
- previous work history
- mother's maiden name
- hobbies and interests
As well as:
- the type of car he drives
- the university he went to
- when he graduated
- what he graduated in
- where he goes on holiday
- and so the list goes on….
Pretexting
Armed with the information they now have, the criminals can create spear phishing emails targeted directly at John.
These include:
- An offer to test drive the new BMW 7 Series
- The chance to win a week's golfing holiday in the Algarve
- A white paper on breakthrough technologies in Oil & Gas
- A link to a humorous website (compromised with malicious software) from a Facebook friend
- An invite to a reunion with old university friends
- An encrypted document from a colleague that requires he installs special reader software to open it
The Sting
The offer to test drive a new BMW, the golfing holiday in the Algarve and access to the industry white paper all require that he registers with the respective site making the offer.
If he uses the work email and password combination he uses to access the company network, he has just handed access to the company network to the criminals!
This type of scam uses professional-looking websites to dupe the target into handing over their credentials. The sites may often carry genuine information taken from legitimate websites and be aimed at multiple targets. This is known as a "Watering Hole".
The Sting continued…
Visiting a compromised website could also install malicious software
on John’s computer that would provide the criminals with all the access
they need.
Installing the “reader app” for the encrypted document, apparently
sent by a colleague, installs software that provides the criminals with
direct access to the company network. This type of software will often
be a “key logger” that records key strokes on a keyboard. This would
include other username and password combinations, as well as
passwords to protected documents etc.
The impact
To gain access to the company network the criminals needed only one spear phishing email to be acted upon.
They were able to gain full access to the company's network as the target was a director with network credentials to "access all areas".
Many years of expensive R&D were now in the hands of the company's competitor.
The release of a competing product based on Azimuth Drilling's designs has lost them their market advantage and resulted in a steep fall in the value of the company.
Does this scenario seem far-fetched?
A "whaling attack" is identical to spear phishing; it's just that the target and pay-off are far greater.
"My business is too small to be a target"
- It's not just larger organisations that are impacted. In the past 18 months we have investigated:
  - One micro business (3 users) that lost their entire business-related data to a phishing-initiated ransomware attack.
  - A business that lost £1.2m to a spear phishing attack.
  - An engineering company that had their entire (7 years' worth of) R&D data stolen.
  - A company that had its financial systems compromised and £500,000 diverted to overseas bank accounts controlled by the criminals.
- ALL of these attacks were the result of phishing emails and could have been avoided had the staff in question understood the risks, methods and impact of phishing scams.
How can you stop these attacks?
Firstly, accept that cyber crime is here to stay. It is an unwinnable war.
- Each new technology offers criminals new opportunities to exploit weaknesses. The good guys will always be playing catch-up.
- Understand that the most expensive and sophisticated technical solutions for preventing cyber crime can be bypassed by the actions of a single employee or contractor.
- Education is the first line of defence. Put all staff and contractors that have access to the company's IT systems through a security awareness training program. Make it part of the induction process.
- Regularly test your organization's defences. This includes simulated phishing attacks to assess your staff's susceptibility to this type of crime.
To find out more:
Visit http://devanha.com/training for examples of off-the-shelf and bespoke user awareness training.
If you have any questions, contact me at:
- https://www.linkedin.com/in/markmair or
- enquiries@devanha.com or
- Call +44 (0)1224 060440

More Related Content

What's hot

Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrime
pronab Kurmi
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
Sayali Dayama
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
SysCloud
 
PHISHING PROTECTION
 PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTION
KaterynaPetrova4
 
Phishing
PhishingPhishing
Phishing
guicelacatalina
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attack
AariyaRathi
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
Jagan Mohan
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishing
Zeno Idzerda
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
Sanjay Kumar
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
Raghunath G
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
Jorge Sebastiao
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
Raviteja Chowdary Adusumalli
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
chiewmingli
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
Phishing
PhishingPhishing
Phishing
Kiran Patil
 
Phishing and hacking
Phishing and hackingPhishing and hacking
Phishing and hacking
Md. Mehadi Hassan Bappy
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
vineetkathan
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
ControlScan, Inc.
 
Phishing
PhishingPhishing
Phishing
Archit Mohanty
 

What's hot (20)

Impact of cybercrime
Impact of cybercrimeImpact of cybercrime
Impact of cybercrime
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 
PHISHING PROTECTION
 PHISHING PROTECTION PHISHING PROTECTION
PHISHING PROTECTION
 
Phishing
PhishingPhishing
Phishing
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
What is a phishing attack
What is a phishing attackWhat is a phishing attack
What is a phishing attack
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Fire eye spearphishing
Fire eye spearphishingFire eye spearphishing
Fire eye spearphishing
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Spear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishnaSpear phishing attacks-by-hari_krishna
Spear phishing attacks-by-hari_krishna
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing and hacking
Phishing and hackingPhishing and hacking
Phishing and hacking
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORT
 
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScanHow to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
How to Spot and Combat a Phishing Attack - Cyber Security Webinar | ControlScan
 
Phishing
PhishingPhishing
Phishing
 

Similar to Anatomy of a spear phishing attack

Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
IRJET Journal
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
IRJET Journal
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
- Mark - Fullbright
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
Mehrdad Jingoism
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
lior mazor
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
BrianHuntMSFCPACRISC
 
Understanding the Impact of Cyber Security in Health Care
Understanding the Impact of Cyber Security in Health CareUnderstanding the Impact of Cyber Security in Health Care
Understanding the Impact of Cyber Security in Health Care
Blue Cross Blue Shield of Michigan
 
Adam Bulava GCC 2019
Adam Bulava GCC 2019Adam Bulava GCC 2019
Adam Bulava GCC 2019
ImekDesign
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
SsendiSamuel
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
AnastaciaShadelb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
ChantellPantoja184
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Randall Chase
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
Brafton
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Alisha Deboer
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
IRJET Journal
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
Carol Meng-Shih Wang
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
MAXfocus
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016

Similar to Anatomy of a spear phishing attack (20)

Study on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing ToolsStudy on Phishing Attacks and Antiphishing Tools
Study on Phishing Attacks and Antiphishing Tools
 
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
Research Paper on Spreading Awareness About Phishing Attack Is Effective In R...
 
Spear Phishing
Spear PhishingSpear Phishing
Spear Phishing
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
 
Understanding the Impact of Cyber Security in Health Care
Understanding the Impact of Cyber Security in Health CareUnderstanding the Impact of Cyber Security in Health Care
Understanding the Impact of Cyber Security in Health Care
 
Adam Bulava GCC 2019
Adam Bulava GCC 2019Adam Bulava GCC 2019
Adam Bulava GCC 2019
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trends
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET-  	  Phishing and Anti-Phishing TechniquesIRJET-  	  Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 

Recently uploaded

A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
Steve Thomason
 
BPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end examBPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end exam
sonukumargpnirsadhan
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
Prof. Dr. K. Adisesha
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
giancarloi8888
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
TechSoup
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
Nguyen Thanh Tu Collection
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
nitinpv4ai
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
nitinpv4ai
 
Electric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger HuntElectric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger Hunt
RamseyBerglund
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
indexPub
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
deepaannamalai16
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
Nguyen Thanh Tu Collection
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
zuzanka
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
RidwanHassanYusuf
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
IsmaelVazquez38
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray  (9)Bonku-Babus-Friend by Sathyajith Ray  (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
nitinpv4ai
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
Celine George
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
ImMuslim
 

Recently uploaded (20)

A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
BPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end examBPSC-105 important questions for june term end exam
BPSC-105 important questions for june term end exam
 
Data Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsxData Structure using C by Dr. K Adisesha .ppsx
Data Structure using C by Dr. K Adisesha .ppsx
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
 
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
 
Electric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger HuntElectric Fetus - Record Store Scavenger Hunt
Electric Fetus - Record Store Scavenger Hunt
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.HYPERTENSION - SLIDE SHARE PRESENTATION.
HYPERTENSION - SLIDE SHARE PRESENTATION.
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
 
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptxRESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
RESULTS OF THE EVALUATION QUESTIONNAIRE.pptx
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
 
Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.Bossa N’ Roll Records by Ismael Vazquez.
Bossa N’ Roll Records by Ismael Vazquez.
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray  (9)Bonku-Babus-Friend by Sathyajith Ray  (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
Geography as a Discipline Chapter 1 __ Class 11 Geography NCERT _ Class Notes...
 

Anatomy of a spear phishing attack

  • 1. devanha digital security 2018 Anatomy of a spear phishing attack Mark Mair CISSP CISA CCSP
  • 2. devanha digital security 2018 What is phishing? Definition  Noun – the fraudulent practice of sending emails purporting to be from reputable sources in order to induce individuals to reveal personal or sensitive information, such as passwords and credit card numbers or carry out some other actions such as installing malicious software or otherwise bypassing security controls.
  • 3. devanha digital security 2018 The scale of the problem.  Every day, 156 million phishing emails are sent.15.6 millional make it through spam filters, 8 million are opened, and 800,000 recipients click on the links. Source: Symantec Security Technology and Response Group
  • 4. devanha digital security 2018 What is spear phishing? Definition  Noun – the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information or carry out other actions. It works because criminals have researched the target and constructed an email, voice mail or text message with a greatily increased likelihood of being actioned. It’s absed on knowing the targets likes, interests, work history, education, job title, home address, hobbies, friends and professional acquaintances etc. It’s done through research using freely available information.
  • 5. devanha digital security 2018 Where do the criminals find this information? The target organizations website Press releases Social media Professional memberships Genealogy sites Google
  • 6. devanha digital security 2018 Scenario #1 – IP Theft Criminals have identified the (fictitious) company Azimuth Drilling as a target  The company has developed a break through technology that will revolutionize Oil & Gas exploration.  The new technology is a result of many years of expensive R&D and field testing  Professional hackers have been engaged by an overseas competitor of Azimuth Drilling  The criminals objective is to gain access to Azimuth Drilling’s internal company network and steal engineering design drawings and field data
  • 7. Research
    A quick search of the company’s website has identified ”John Fenwick” as the director in charge of R&D.
    A search of Companies House provides the criminals with the home address and age of all the directors, including John Fenwick.
    A Google search has thrown up a picture of John at the annual Sub Sea Golf tournament, proudly holding a trophy.
    A Google Street View search of John’s house reveals his 7 Series BMW parked in his driveway.
    A search of 192.com reveals the names of John’s neighbours and how long they have lived next to each other.
  • 8. Research continued…
    - A check of Facebook for “John Fenwick” in Aberdeen throws up a few people with that name in that area.
    - He is quickly identified by matching his profile picture with that of him holding a golf trophy in the press release.
    - A check on his profile page under “family and relationships” reveals his mother’s and father’s names.
    - With his mother’s and father’s names, a check on the marriage section of a popular genealogy site finds their marriage details. This includes his mother’s maiden name, a popular security question.
    - The photos section of his Facebook account shows many pictures of John at various golfing events, skiing on holiday and scuba diving.
  • 9. Research continued…
    Switching to LinkedIn, the criminals are able to see other potentially useful information, such as:
    - Previous work history
    - Current and former work colleagues
    - University education
    - Industry groups he is a member of
  • 10. The criminals now have:
    - Identified a target
    - Found his
      - full name
      - age
      - marital status
      - job title
      - employer
      - neighbours
      - previous work history
      - mother’s maiden name
      - hobbies and interests
      - the type of car he drives
      - the university he went to
      - when he graduated
      - what he graduated in
      - where he goes on holiday
      - and so the list goes on…
  • 11. Pretexting
    Armed with the information they now have, the criminals can create Spear Phishing emails targeted directly at John. These include:
    - An offer to test drive the new BMW 7 Series
    - The chance to win a week’s golfing holiday in the Algarve
    - A white paper on breakthrough technologies in Oil & Gas
    - A link to a humorous website (compromised with malicious software) from a Facebook friend
    - An invite to a reunion with old University friends
    - An encrypted document from a colleague that requires him to install special reader software to open it
  • 12. The Sting
    The offer to test drive a new BMW, the golfing holiday in the Algarve and access to the industry whitepaper all require that he registers with the respective site making the offer.
    If he uses his work email and the password combination used to access the company network, he has just handed access to the company network to the criminals!
    This type of scam uses professional-looking websites to dupe the target into handing over their credentials. The sites may often have genuine information taken from legitimate websites and be aimed at multiple targets. This is known as a “Watering Hole”.
  • 13. The Sting continued…
    Visiting a compromised website could also install malicious software on John’s computer that would provide the criminals with all the access they need.
    Installing the “reader app” for the encrypted document, apparently sent by a colleague, installs software that provides the criminals with direct access to the company network.
    This type of software will often be a “key logger” that records key strokes on a keyboard. This would include other username and password combinations, as well as passwords to protected documents etc.
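    The two tells in the lures above (a colleague’s name on a mailbox outside the company, and a “reader” download or registration page on a domain that merely imitates the company’s) can be checked mechanically at the mail gateway before the message reaches John. The following is an added example written for this transcript, not Devanha’s code or any product’s; Azimuth Drilling’s domain, the staff directory and both messages are constructed fixtures.

```python
"""Heuristic checks for the two spear-phishing tells in the scenario: a trusted
display name on an external address, and links or senders on lookalike domains.
Added example; the company, people and domains are constructed."""
from __future__ import annotations

import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed fixtures standing in for the fictitious Azimuth Drilling.
INTERNAL_DOMAINS = {"azimuthdrilling.example"}
STAFF_DIRECTORY = {  # display name (lower-cased) -> the person's real address
    "jane roberts": "j.roberts@azimuthdrilling.example",
    "john fenwick": "j.fenwick@azimuthdrilling.example",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch one- or two-character domain lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, max_distance: int = 2) -> str | None:
    """Return the internal domain that `domain` imitates, or None when it is
    either genuinely internal or unrelated to the company."""
    domain = domain.lower()
    for internal in INTERNAL_DOMAINS:
        if domain == internal:
            return None
        brand = internal.split(".")[0]  # e.g. "azimuthdrilling"
        if levenshtein(domain, internal) <= max_distance or brand in domain:
            return internal
    return None


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse(headers: dict, body: str) -> list[str]:
    """Return human-readable findings for one message (empty list = no tells)."""
    findings = []
    name, addr = parseaddr(headers.get("From", ""))
    from_domain = _domain(addr)

    # 1. A colleague's name on a mailbox outside the company.
    known = STAFF_DIRECTORY.get(name.strip().lower())
    if known and from_domain not in INTERNAL_DOMAINS:
        findings.append(f"display-name impersonation: '{name}' is {known}, sender is {addr}")

    # 2. Replies silently redirected to a different domain than the sender's.
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from sender domain {from_domain}")

    # 3. Sender domain or linked hosts that imitate the company's own domain.
    if (target := lookalike_of(from_domain)):
        findings.append(f"sender domain {from_domain} imitates {target}")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if (target := lookalike_of(host)):
            findings.append(f"link host {host} imitates {target}: {url}")
    return findings


# Constructed messages: the "encrypted document from a colleague" lure, and a genuine mail.
LURE = {"From": '"Jane Roberts" <jane.roberts.docs@webmail.example>',
        "Reply-To": "<support@azimuthdrilling-secure.example>"}
LURE_BODY = ("Hi John, the design pack is encrypted. Install the reader from "
             "http://azimuthdrilling-secure.example/reader.exe to open it.")

GENUINE = {"From": '"Jane Roberts" <j.roberts@azimuthdrilling.example>'}
GENUINE_BODY = "Hi John, slides are on https://azimuthdrilling.example/intranet/rd."

if __name__ == "__main__":
    for label, hdrs, body in (("lure", LURE, LURE_BODY), ("genuine", GENUINE, GENUINE_BODY)):
        print(label, analyse(hdrs, body) or ["no findings"])
```

    The display-name check is the one that matters most for the scenario on slide 11: the lure carries a real colleague’s name, so John has no reason to doubt it, but the mailbox behind the name is not on the company domain. Run against the constructed lure the script reports three findings; run against the genuine message it reports none.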
  • 14. The impact
    To gain access to the company network the criminals needed only one Spear Phishing email to be acted upon.
    They were able to gain full access to the company’s network as the target was a director with network credentials to “access all areas”.
    Many years of expensive R&D were now in the hands of the company’s competitor.
    The release of a competing product based on Azimuth Drilling’s designs has lost them market advantage and resulted in a steep fall in the value of the company.
  • 15. Does this scenario seem far-fetched?
    A “whaling attack” is identical to Spear Phishing; it’s just that the target and pay-off are far greater.
  • 16. “My business is too small to be a target”
    - It’s not just larger organisations that are impacted. In the past 18 months we have investigated:
    - One micro business (3 users) that lost their entire business-related data to a Phishing-initiated Ransomware attack.
    - A business that lost £1.2m to a Spear Phishing attack.
    - An engineering company that had their entire (7 years’ worth of) R&D data stolen.
    - A company that had its financial systems compromised and £500,000 diverted to overseas bank accounts controlled by the criminals
    - ALL of these attacks were the result of Phishing emails and could have been avoided had the staff in question understood the risks, methods and impact of phishing scams.
  • 17. How can you stop these attacks?
    Firstly, accept that cyber crime is here to stay. It is an unwinnable war.
    - Each new technology offers criminals new opportunities to exploit weaknesses. The good guys will always be playing catch-up.
    - Understand that the most expensive and sophisticated technical solutions to preventing cyber crime can be bypassed by the actions of a single employee or contractor.
    - Education is the first line of defence. Put all staff & contractors that have access to the company’s IT systems through a security awareness training program. Make it part of the induction process.
    - Regularly test your organization’s defences. This includes simulated phishing attacks to assess your staff’s susceptibility to this type of crime.
  • 18. To find out more:
    Visit http://devanha.com/training for examples of off-the-shelf and bespoke user awareness training.
    If you have any questions contact me at:
    - https://www.linkedin.com/in/markmair or
    - enquiries@devanha.com or
    - Call +44 (0)1224 060440