If this is not your first visit to our blog, you probably know what phishing is. If not, we strongly recommend reading this post. In general, phishing is a scam whose purpose is to steal your personal data: logins, passwords, wallet numbers, and so on. In effect, it is a digital form of social engineering.
There is a variety of phishing called targeted phishing, or spear phishing. The name describes its essence well: spear phishing is phishing aimed at deceiving a specific person or the employees of a specific company.
It is much more dangerous than regular phishing, because cybercriminals deliberately collect information about the victim in order to make their deceptive message more convincing. A well-crafted spear-phishing email is sometimes very difficult to distinguish from a legitimate email that doesn't pursue malicious goals. As a result, victims fall for targeted phishing attacks more easily.
Who Uses Spear Phishing and Why?
The goals that cybercriminals pursue with spear phishing ultimately boil down to two options: steal money or get at secrets. In both cases, they first need to get into the enterprise network. Quite often, malicious documents or archives attached to the email are used for this. For example, this is how the attacks of the Silence group, which we recently wrote about, began.
A document can be made malicious using macros in Microsoft Word or JavaScript code. These are, in essence, small programs embedded in familiar file types, whose main and only purpose is to download much more serious malware to the victim's computer. This malware then spreads over the network or simply intercepts all the information it can reach, and with its help the attackers search the network for what they need.
Ordinary petty scammers do not use spear phishing; they try to spread their phishing campaigns as widely as possible. Small-time fraudsters do not have enough time to tailor each email to its recipient.
Spear phishing is a tool for serious attacks against large enterprises, banks, or famous people. It is used by large APT groups like Carbanak or BlackEnergy. Spear phishing was also used, for example, in the Bad Rabbit attacks: the infection began with an email.
Who is at Risk of Becoming a Victim of Spear Phishing?
Most often, the targets of spear phishing are either high-level employees who have access to information that is potentially interesting to cybercriminals, or employees of departments whose work requires them to open many documents from third-party sources.
For example, this applies to HR: they receive a lot of resumes in a variety of formats and think nothing of replying to emails with attachments from unknown sources. Other public-facing departments are also vulnerable, such as PR, sales, and others.
Accountants are in a special risk zone. On the one hand, they communicate with contractors, regulatory authorities and God knows who else. On the other hand, they work with money and banking software, so they are the main target for cybercriminals hunting for money.
As for spies, they are interested in people with technical access to systems, that is, system administrators and IT specialists.
It would be a mistake to think that spear phishing is dangerous only for large companies. Medium and small businesses are of no less interest to cybercriminals. It is just that enterprise companies are more likely to run into spies, while SMBs are more likely to suffer from theft.
Phishing Protection?
In general, the techniques for protecting against spear phishing are about the same as for regular phishing. We have a post with 10 tips that practically guarantee you protection against these types of threats. In the case of spear phishing, you just need to be even more careful.
Ideally, a phishing email should never reach your inbox. So, when protecting business infrastructure, such emails should be filtered out at the level of the corporate mail server. There are special software systems for this. For example, our Cloud Antivirus for Mail Server solution uses cloud-based technologies to block malicious attachments and phishing links.
However, for greater effectiveness, the security system must be multilayered. After all, employees can in theory use third-party email services or receive a phishing link through a messenger. Therefore, it is better to also install protection on workstations that can detect malicious activity in the applications through which attackers usually act. For example, Endpoint Security Software for Business can serve as such protection.
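The attachment types described earlier (Word macros, JavaScript files, archives) can be checked for at the mail server before a message is delivered. The following Python example is added here and is not code from the original post or from the products it mentions; the extension list, the depth and size limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta")  # assumed blocklist
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # legacy .doc/.xls container

def inspect_blob(name, data, depth=0):
    """Return the reasons why one attachment (or archive member) is risky."""
    reasons = []
    if name.lower().endswith(SCRIPT_EXT):
        reasons.append(f"{name}: script file")
    if data.startswith(OLE_MAGIC):
        reasons.append(f"{name}: legacy OLE document, may carry macros")
    if data.startswith(b"PK") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:  # OOXML files are ZIPs too
            for info in zf.infolist():
                if info.filename.lower().endswith("vbaproject.bin"):
                    reasons.append(f"{name}: contains VBA project")
                elif info.flag_bits & 0x1:
                    reasons.append(f"{name}: encrypted member, cannot inspect")
                elif depth < 2 and info.file_size < 5_000_000:  # assumed limits
                    reasons += inspect_blob(f"{name}/{info.filename}", zf.read(info), depth + 1)
    return reasons

def scan_message(raw):
    """Scan every attachment of a raw message; an empty list means nothing flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [r for part in msg.iter_attachments()
            for r in inspect_blob(part.get_filename() or "unnamed", part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message: a .docx hiding a VBA project, plus a zipped .js file."""
    def make_zip(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for member, content in members.items():
                zf.writestr(member, content)
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "hr@example.com", "staff@example.com", "Resume"
    msg.set_content("Please see attached.")
    msg.add_attachment(make_zip({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
                       maintype="application", subtype="octet-stream", filename="cv.docx")
    msg.add_attachment(make_zip({"invoice.js": "// placeholder"}),
                       maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Note that the `.docx` in the sample is flagged by content, not by name: a macro-bearing file renamed to an innocent extension still contains `vbaProject.bin`.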