Targeted attack instead of mass processing: Are you a potential spear phishing victim?

10. September, 2019

What unwanted messages did you have in your inbox today?

Everyone is familiar with those annoying emails that are designed to trick their addressees in various ways into executing attachments, disclosing confidential information or clicking on malicious links. Such mass-sent emails are classified as “phishing”, in which an attempt is made to find unwary victims by distributing them to many recipients. In contrast, “spear phishing” targets the weakest link in the security chain individually and specifically: the employees of a company.

Research and preparation for high precision and accuracy

In spear phishing, specific information is collected in advance in order to gain the trust and thus the cooperation of the victims. Depending on the opportunity and situation, attackers pretend to be business partners, colleagues, customers or service providers. They use matching sender names and familiar content to generate credibility and trust. Often, additional information from social media helps to make the requests appear even more credible. The goal is always the same: to persuade the victims to carry out actions in the interest of the attacker or to disclose internal information. It is about financial fraud, stealing business secrets or other valuable information.

How can you recognise such attacks?

A healthy distrust and knowledge of these attacks will help you to recognise fraud attempts. If you receive messages from supposed service providers, colleagues, customers or partners asking you to transmit confidential information, to check your account, to change your password or to perform other actions that are actually unusual – question and check them. Often, at second glance, you will find small discrepancies that do not correspond to the usual procedure. Since the first communication channel may be under the control of an attacker (e.g. if an email account has been taken over), check elsewhere, e.g. via a phone call. Additional communication can help identify and avert spear phishing attempts.

What preventive measures are possible?

Just as banks now communicate clearly and openly that personal data and account information will never be requested, comparable principles can be agreed internally within the company and be subject to active communication. Especially in critical company areas such as finance, development or support, sufficient training and sensitisation of all employees should be a matter of course. For important processes, the dual control principle is a possible safeguard. In addition, it is recommended not to make too much personal information about individuals and company internals freely accessible in order to minimise points of attack.

Why are spear phishing attacks still successful?

In the meantime, all employees in the company have been trained and sensitised to such incidents. However, this knowledge is not always applied consistently when concrete messages arrive from supposed colleagues or other trustworthy persons.  Spear phishing attempts are becoming more and more adapted and sophisticated to gain the trust of victims. Especially when friends or colleagues are in a supposed emergency situation and ask for help, caution and knowledge all too often fail. Two approaches help here: Regularly refreshing information and regular trainings, and a technological safety net. Good anti-malware systems can now also make many inconsistencies in messages and the reloading of malware visible and prevent them. IKARUS will be happy to advise you!

Worth reading:

Email security and protection against targeted attacks with IKARUS mail.security

HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence
SQL Injection
SMTP Smuggling

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download