Spear-Phishing

Spear PhishingWhat is it?

Spear-Phishing is a targeted attack on a corporation.  It is basically a legitimate looking email, from a supposed internal source that requests some information specific to the corporation.  This could be a link that downloads some form of targeted malware, or maybe just asking for their username and password, or maybe an account code, it could be anything.

How is Spear-Phishing different from regular Phishing?

In a regular phishing attack, a generic email is spammed to the world.  A phishing email is looking for bank information, or maybe PayPal or eBay login credentials.  It is basically looking for information for common sites that the general population uses.

A spear-phishing attack is different in that it is looking for information targeted to a specific company or individual.

How does a Spear-Phishing attack work?

For example let’s say that your company has been targeted and the intent is to steal intellectual corporate data.  The first step would be to use social engineering to get the names and contact information of the individuals that had access to the targeted data.  Step two would be to send an email to those particular individuals and request their login credentials.  Ideally the email would appear to come from someone in the company’s internal IT department so the user wouldn’t question the request, however the sender’s address would be spoofed so that the requested information would be send to the thief instead.  Now the thief has the necessary information to steal the intellectual property of the company.

How can I prevent being the victim of a Spear-Phishing attack?

Any email of any kind requesting the release of sensitive data, like usernames and passwords, regardless of source, should be questioned and verified.  Information should never just be blindly released, the request must be verified first.  Always consider the fact that any email you receive could be from someone else other than the portrayed sender.  Never ever click on a link in an email, regardless of who it’s from.

What do I do if I discover I’ve been the victim of a Spear-Phishing attack?

Report the incident immediately to the person responsible for your IT security.  If you’ve clicked a link, unplug the network from your computer and get your IT professional to investigate.  If you’ve released login credentials, change them immediately.

It’s not just you that has been hit

The following was published by SANS:

–US Nuclear Regulatory Commission Computers Infiltrated
(August 18, 2014)
Computers at the US Nuclear Regulatory Commission (NRC) were infiltrated several times in the past three years, according to the findings of an internal investigation. One attack was perpetrated through spear-phishing – an email message sent to just over 200 NRC employees attempted to get the recipients to provide their logon credentials.  About a dozen employees clicked the provided link. A second spear phishing attack attempted to infect recipients’ computers with malware.  A third incident involved someone breaking into an employee’s email account and sending malware to a handful of other employees. The NRC maintains information that adversaries would be interested in obtaining, including plant inventories of weapons-grade materials.

http://www.nextgov.com/cybersecurity/2014/08/exclusive-nuke-regulator-hacked-suspected-foreign-powers/91643/?oref=ng-HPtopstory

http://www.cnet.com/news/nuclear-commission-hacked-3-times-in-3-years/