How attackers get the personal information they need in order to craft a spear phishing email is a critical spear phishing technique, as the entire process of the attack depends on the messages being believable to the recipient.

There are several ways an attacker can pull this off. One involves compromising an email or messaging system through other means: via ordinary phishing, for instance, or through a vulnerability in the email infrastructure. But that’s just the first step in the process. “Someone’s email within the targeted organization is compromised, and the attacker sits in the network for a while to monitor and track interesting conversations,” explains Ori Arbel, CTO of CYREBRO, a Tel Aviv-based security operations platform provider. “When the time is right, they email the target using a believable context with insider information, such as bringing up past conversations or referencing specific amounts for a previous money transfer.”

If they can’t hack their way into the communications system, an attacker could also turn to open source intelligence (OSINT), scouring social media or corporate communications to form a picture of their target. Jorge Rey, cybersecurity and compliance principal at Kaufman Rossin, a New York-based advisory firm, explains a common attack vector he’s seen. “When people make a change to their LinkedIn and identify that they’ve joined Kaufman Rossin, in a matter of hours or even minutes they’ll get an email from our CEO - not from his Kaufman Rossin email, but something at - asking them to buy gift cards and things like that.” Of course, this email isn’t coming from the CEO at all, but rather an attacker who’s hoping to catch a new employee off guard. “All of these bots are monitoring LinkedIn, monitoring everything through scripts, and sending information hoping someone will fall for it,” he explains.

If attackers can glean personal information from your online presence, they’ll try to use that to their advantage as well. Nuspire’s Cunningham gives an example of a security-savvy client who nevertheless almost got snared by spear phishing.