What Is Spear Phishing and How to Protect Yourself From It?

What is spear phishing?

If this is not your first visit to our blog, you probably already know what phishing is. If not, we strongly recommend reading this post. In general, phishing is a scam whose purpose is to steal your data: logins, passwords, wallet numbers, and so on. It is essentially the digital branch of social engineering.




There is a variety of phishing called targeted phishing, or spear phishing. The name describes its essence well: spear phishing is phishing aimed at deceiving a specific person or the employees of a specific company.


It is much more dangerous than regular phishing, because cybercriminals deliberately collect information about the victim to make their decoy message more convincing. A well-crafted spear-phishing email is sometimes very, very hard to distinguish from a legitimate email with no malicious intent. As a result, victims fall for targeted phishing attacks more easily.


Who uses spear-phishing and why

The tasks that cybercriminals accomplish with spear phishing ultimately boil down to two goals: steal money or get at secrets. In both cases, they first need to penetrate the enterprise network somehow. Quite often, malicious documents or archives attached to the email are used for this. For example, this is how the attacks of the Silence group, which we recently wrote about, began.


A document can be made malicious using macros in Microsoft Word or JavaScript code: in effect, small programs embedded in otherwise familiar files, whose sole purpose is to download much more serious malware onto the victim's computer. This malware then spreads across the network or simply intercepts all the information it can reach, and with its help the attackers search inside the network for what they need.


Common petty scammers do not use spear phishing; they try to spread their phishing campaigns as widely as possible. Small-time fraudsters do not have the time to tailor each email to its recipient.


Spear phishing is a tool for serious attacks on large enterprises, banks, or famous people. It is used by large APT groups such as Carbanak or BlackEnergy. It was also spear phishing, for example, that was used in the Bad Rabbit attacks: the infection began with an email.


Who is at risk of becoming a victim of spear phishing?

Most often, the targets of spear phishing are either high-level employees who have access to information of potential interest to cybercriminals, or employees of departments who have to open many documents from third-party sources as part of their work.


For example, this applies to HR: they receive a lot of resumes in a variety of formats and routinely respond to emails with attachments from unknown senders. Other outward-facing departments are also vulnerable: PR, sales, and others.


Accountants are in a special risk zone. On the one hand, they communicate with contractors, regulatory authorities, and God knows who else. On the other hand, they work with money and banking software, so they are the main target for cybercriminals hunting for money.


As for spies, they are interested in people with technical access to systems, that is, system administrators and IT specialists.


It may be tempting to think that spear phishing is only dangerous for large companies. But this is not so: small and medium businesses are of no less interest to cybercriminals. It's just that large enterprises are more likely to run into spies, while SMBs are more likely to suffer from theft.


Protection against spear phishing

In general, the techniques for protecting against spear phishing are about the same as those against regular phishing; we have a post with 10 tips that practically guarantee protection against these types of threats. In the case of spear phishing, though, you need to be even more careful.


Ideally, a phishing email should never reach your inbox. So, when protecting business infrastructure, such emails should be screened out at the level of the corporate mail server. There are dedicated software systems for this.
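To make the two points above concrete (macro- or script-bearing attachments as the usual entry point, and screening at the mail server), here is an added example of the kind of attachment check a mail gateway performs. It is not code from this blog or from any product; the sample attachments are constructed in memory, and the check looks at file content (the OOXML zip structure and the legacy OLE header) rather than trusting the file name.

```python
import io
import zipfile
from dataclasses import dataclass

# Extensions that run as scripts or programs when opened from a mail client.
SCRIPT_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "hta", "ps1", "bat", "cmd", "scr", "exe"}
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # header of legacy .doc/.xls containers
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm/.xlsm) and .zip


@dataclass
class Verdict:
    filename: str
    risky: bool
    reason: str


def _extensions(filename):
    """All dotted suffixes, lower-cased, so 'resume.docx.js' -> ['docx', 'js']."""
    parts = filename.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def _zip_member_names(data):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def classify_attachment(filename, data):
    """Decide from content and name whether an attachment should be quarantined."""
    exts = _extensions(filename)
    last = exts[-1] if exts else ""
    # The final extension decides what the OS executes; a double extension
    # such as 'invoice.pdf.js' is caught here too.
    if last in SCRIPT_EXTENSIONS:
        return Verdict(filename, True, f"script/executable attachment (.{last})")
    if data.startswith(OLE_MAGIC):
        return Verdict(filename, True, "legacy OLE Office document (may carry VBA macros)")
    if data.startswith(ZIP_MAGIC):
        members = _zip_member_names(data)
        if last == "zip":
            scripts = [m for m in members if _extensions(m) and _extensions(m)[-1] in SCRIPT_EXTENSIONS]
            if scripts:
                return Verdict(filename, True, "archive contains script/executable: " + ", ".join(scripts))
            return Verdict(filename, False, "archive without script members")
        # Word, Excel and PowerPoint all store VBA in a vbaProject.bin part,
        # regardless of whether the file is named .docx or .docm.
        if any(m.endswith("vbaProject.bin") for m in members):
            return Verdict(filename, True, "Office document with embedded VBA macros")
        return Verdict(filename, False, "Office document without macros")
    return Verdict(filename, False, "no macro or script indicators")


def _build_ooxml(with_macros):
    """Constructed minimal OOXML container; not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


def _build_zip(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


# Constructed sample attachments, as they might arrive in an HR mailbox.
SAMPLE_ATTACHMENTS = {
    "resume.docx": _build_ooxml(with_macros=False),
    "invoice.docm": _build_ooxml(with_macros=True),
    "resume.docx.js": b"var x = 1;",
    "contract.doc": OLE_MAGIC + b"\x00" * 8,
    "photos.zip": _build_zip(["photo1.jpg", "viewer.jse"]),
    "report.pdf": b"%PDF-1.4\n%constructed\n",
}


def scan_all(attachments=None):
    attachments = SAMPLE_ATTACHMENTS if attachments is None else attachments
    return [classify_attachment(name, data) for name, data in attachments.items()]


if __name__ == "__main__":
    for v in scan_all():
        print(f"{'QUARANTINE' if v.risky else 'allow     '}  {v.filename:<16} {v.reason}")
```

Four of the six constructed attachments are quarantined: the macro-enabled .docm, the double-extension script, the legacy .doc, and the archive hiding a .jse. A real gateway layers this with signature and sandbox checks, but the structural check alone already stops the plain "macro in a familiar-looking document" case the post describes.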


However, for greater effectiveness, the security system must be multilayered. After all, employees can, in theory, use third-party email services or receive a phishing link through a messenger. Therefore, it is better to also install protection on workstations that can detect the malicious application activity through which cybercriminals usually operate.
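As an added illustration of the workstation layer (not code from this blog or from any product), here is a small detection run over constructed process-creation log lines. The log format, host names and user names are invented for the example; the rule it implements is the classic one for the scenario described above: an Office application spawning a script interpreter or shell is exactly the behaviour of a malicious macro downloading its payload.

```python
import re
from dataclasses import dataclass

# Office parents that should not normally launch interpreters or shells.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}

# Assumed line format for the constructed telemetry below.
EVENT_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) pid=(?P<pid>\d+) "
    r"ppid=(?P<ppid>\d+) parent=(?P<parent>\S+) image=(?P<image>\S+)"
)

# Constructed sample events: one Word-to-PowerShell chain, one Excel-to-cmd
# chain, and two benign events that must not alert.
SAMPLE_EVENTS = """\
2024-05-02T09:14:03Z host=WS-HR-07 user=anna pid=4120 ppid=3980 parent=explorer.exe image=WINWORD.EXE
2024-05-02T09:14:09Z host=WS-HR-07 user=anna pid=4188 ppid=4120 parent=WINWORD.EXE image=powershell.exe
2024-05-02T09:20:41Z host=WS-ACC-02 user=igor pid=5010 ppid=4990 parent=explorer.exe image=EXCEL.EXE
2024-05-02T09:21:05Z host=WS-ACC-02 user=igor pid=5033 ppid=5010 parent=EXCEL.EXE image=cmd.exe
2024-05-02T09:30:00Z host=WS-IT-01 user=admin pid=6001 ppid=1200 parent=explorer.exe image=powershell.exe
"""


@dataclass
class Alert:
    ts: str
    host: str
    user: str
    parent: str
    image: str


def parse_event(line):
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def detect_office_spawn(lines):
    """Return one Alert per event where an Office parent launches a suspicious child."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["parent"].lower() in OFFICE_PARENTS and ev["image"].lower() in SUSPICIOUS_CHILDREN:
            alerts.append(Alert(ev["ts"], ev["host"], ev["user"], ev["parent"], ev["image"]))
    return alerts


if __name__ == "__main__":
    for a in detect_office_spawn(SAMPLE_EVENTS.splitlines()):
        print(f"ALERT {a.ts} {a.host} {a.user}: {a.parent} -> {a.image}")
```

The rule fires twice on the sample (the HR and accounting workstations, matching the departments the post singles out) and stays quiet for the administrator's PowerShell session launched from Explorer, which is why the parent process, not the child alone, is the signal worth alerting on.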


Protect yourself from spear-phishing with total security software.
