3. Earliest stages of phishing – more than 20 years ago
• First examples of credential harvesting:
  • AOL emails in the ‘90s.
• First examples of malicious attachments:
  • ILOVEYOU worm.
6. Type of information phished
• Attackers targeted wide audiences with phishing campaigns aimed at gathering
credentials, credit card information, personal information.
• The increase in e-commerce accelerated these trends.
7. What about spear-phishing?
• Spear-phishing used to require more sophistication because information about targets was less accessible.
• Previously, attackers had to use newsletters and other sources to craft an attack.
• Today the internet contains huge amounts of information related to an individual.
8. Growing sophistication of phishing emails
• Thanks to awareness campaigns, emails with broken English and typos have a lower
success rate.
• Modern phishing emails tend to contain links to the legitimate site and official logos,
as well as names of actual employees and formal language.
9. The technical side of phishing
• Phishing techniques and malware have continuously grown in sophistication.
  • Mostly in response to modern preventive measures.
• Even with all the preventive measures available today, it is still possible to execute
even the oldest tricks in the book.
14. Office “features”
• Microsoft Office has historically enabled a huge number of phishing attacks via intended features.
• Examples include:
  • Office macros
  • Dynamic Data Exchange (DDE)
  • Object Linking and Embedding (OLE)
• But most importantly…
  • HTML Applications (HTA)
17. HTML Applications (HTA)
• HTML Applications can be used to run a number of languages, such as JavaScript,
VBScript, JScript, etc.
• Can be used to execute PowerShell and ActiveX controls.
• Everything is executed by mshta.exe.
19. What kind of information is being targeted today?
• Attackers search for:
  • Medical data.
  • Cryptocurrency keys.
  • SSH keys.
  • Corporate information.
  • E-commerce information.
20. Sophistication
• Phishing sophistication has greatly increased – from the Nigerian prince phishing to
advanced attacks utilizing homographs, RLO characters, OAuth abuse, etc.
21. Attack vectors today
• Some old methods, such as .pdf.exe and macros, still work.
• Occasional file format exploits.
• Microsoft Office and Windows feature abuses.
• HTML Applications seem immortal at this point.
• Zero days?
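A mail-gateway style check for the deceptive names mentioned in slides 20 and 21 (RLO characters, homographs, .pdf.exe), as an added example that is not part of the original slides. The extension lists, finding labels and sample names are assumptions constructed for illustration, and the mixed-script test is a heuristic.

```python
import unicodedata

# Bidirectional control characters; U+202E is the right-to-left override (RLO).
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")
# Assumed, non-exhaustive extension lists for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "hta", "js", "vbs", "bat", "cmd", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def check_filename(name):
    """Return the reasons an attachment file name looks deceptive."""
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control")
    # Drop the controls to get the stored (logical) order, not the displayed one.
    logical = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    parts = logical.lower().split(".")
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    return findings


def check_hostname(host):
    """Flag punycode labels and labels that mix letters from several scripts."""
    findings = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            findings.append("punycode-label")
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                continue
        # For letters, the first word of the Unicode name is the script (LATIN, CYRILLIC).
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append("mixed-script")
    return findings


if __name__ == "__main__":
    # Constructed samples, not taken from any real campaign.
    for name in ["report.pdf", "invoice.pdf.exe", "invoice\u202efdp.exe"]:
        print(repr(name), check_filename(name))
    for host in ["example.com", "p\u0430ypal.example"]:
        print(repr(host), check_hostname(host))
```

The third sample renders as "invoiceexe.pdf" in a bidi-aware viewer while its stored name still ends in ".exe", which is why the check works on the logical order.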