Phishing is the fraudulent practice of sending emails that claim to come from a trustworthy company in order to induce individuals to disclose personal information, such as passwords and credit card numbers. Spear phishing is an email-spoofing attack that targets a specific organization, or specific people within it, in order to gain unauthorized access to confidential data. Spear phishing attempts are not typically launched by opportunistic "random hackers"; they are more likely to be run by attackers after financial gain or trade secrets, who have researched the target beforehand.
Loss due to Spear Phishing
- Monetary loss if the data is encrypted: the attacker will demand a ransom in exchange for decrypting it, and paying does not guarantee that the data comes back.
- Data loss if no proper BCP (Business Continuity Plan) has been implemented, in particular if there are no backups, or if the only backups were reachable from the infected system and were encrypted along with it.
Steps involved in Spear Phishing
- The attacker spoofs the email address of a senior person in the organization (a manager or executive). A normal user is likely to act on a request from that level in haste, without informing the Information Security Department.
- The attacker then picks recipients who have access to what the attacker is after, the more privileged the better, rather than arbitrary users.
- The message creates urgency: it asks the recipient to reply as soon as possible, or to open the attachment and respond.
- If the user opens the attachment, for example an Excel or Word document, it may contain a malicious macro that drops files into a folder on a specific drive and executes them.
- Once the end user's system is infected, the malicious code communicates with its command-and-control (C2) domain.
- In one case, data from the system is uploaded to the attacker's server.
- In another, the malware encrypts the files and demands a ransom before they are decrypted.
Mitigating Spear Phishing
- Inspect inbound content rigorously for suspicious and malicious material. The email gateway can apply filters, but obfuscated payloads will pass them, so a malware-analysis (sandboxing) appliance should sit directly behind the gateway to detonate attachments and URLs the filter cannot classify.
- Configure the firewall as deny-all and allow only what is required. The same principle applies to the email gateway: allow only the attachment types the business actually needs rather than trying to enumerate the bad ones.
- Train users regularly on current information-security threats and on their own role in defending against them.
- Adopt a defense-in-depth strategy, so that a single user opening a malicious attachment is never the only thing standing between the attacker and the data.
- Audit internally at fixed intervals. Auditing highlights weaknesses in the organization's security that can be fixed before an attacker exploits them. No one is a hundred percent secure, but proper control implementation narrows the gap.
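The indicators in the attack chain above are exactly what the filtering layer behind the email gateway can check for. The following Python script is an added example, not code from the original article or from TCS: it parses a raw message and reports the red flags of a spear-phishing attempt, namely an executive's display name on a mailbox that is not theirs, a Reply-To steering replies elsewhere, SPF/DKIM/DMARC failures in the Authentication-Results header stamped by the receiving MTA, urgency wording, and Office attachments that are macro-enabled by extension or that carry a vbaProject.bin part. The domain example.com, the executive directory, the keyword list and both sample messages are constructed for the example.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Assumed for this example (not from the article): a directory of executives whose
# names an attacker would put in the From display name, keyed by lower-cased name.
EXECUTIVES = {"jane doe": "ceo@example.com"}
URGENCY = re.compile(r"\b(urgent|asap|immediately|as soon as possible|today)\b", re.I)
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".doc", ".xls")
# Office Open XML files are zip containers; an embedded macro project lives in one of these parts.
VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML attachment carries an embedded VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip (e.g. legacy OLE .doc/.xls); the extension check covers those
    return any(part in names for part in VBA_PARTS)


def analyze(raw: bytes) -> List[str]:
    """Return the spear-phishing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []

    from_hdr = msg["From"]
    sender = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    if sender is not None:
        # Step 1 of the chain: an executive's name on a mailbox that is not theirs
        # (lookalike domain, free-mail account or an unrelated internal account).
        real_mailbox = EXECUTIVES.get(sender.display_name.strip().lower())
        if real_mailbox and sender.addr_spec.lower() != real_mailbox:
            findings.append("display-name-impersonation")
        # Replies are steered to a mailbox the attacker controls.
        reply_hdr = msg["Reply-To"]
        reply_to = reply_hdr.addresses[0] if reply_hdr and reply_hdr.addresses else None
        if reply_to is not None and reply_to.domain.lower() != sender.domain.lower():
            findings.append("reply-to-mismatch")

    # Authentication-Results (RFC 8601) is written by our receiving MTA, not by the sender.
    auth = str(msg["Authentication-Results"] or "")
    for method in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{method}=(fail|softfail|permerror)\b", auth, re.I):
            findings.append(f"auth-fail:{method}")

    # Step 3: pressure to act before anyone checks with the security team.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    if URGENCY.search(f"{msg['Subject'] or ''} {body}"):
        findings.append("urgency-wording")

    # Step 4: a macro-carrying Office document.
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(MACRO_EXTENSIONS):
            findings.append("macro-enabled-extension")
        if has_vba_project(part.get_payload(decode=True) or b""):
            findings.append("embedded-vba-project")
    return findings


def _office_document(with_macros: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm: the parts are placeholders, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder-vba-project\x00")
    return buf.getvalue()


def _message(from_: str, reply_to: Optional[str], subject: str, body: str,
             auth_results: str, filename: str, attachment: bytes) -> bytes:
    """Build a constructed sample message as the gateway would receive it."""
    msg = EmailMessage()
    msg["From"] = from_
    if reply_to:
        msg["Reply-To"] = reply_to
    msg["To"] = "accounts.payable@example.com"
    msg["Subject"] = subject
    msg["Authentication-Results"] = auth_results
    msg.set_content(body)
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


# Constructed sample: the chain described in the article, executive spoofed on a
# lookalike domain, external Reply-To, urgency, macro-enabled attachment.
SPEAR_PHISH = _message(
    "Jane Doe <jane.doe@examp1e.com>", "ceo.office@mail-examp1e.net",
    "URGENT: approve the attached invoice today",
    "Please open the attached file and reply as soon as possible.",
    "mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none; dmarc=fail header.from=examp1e.com",
    "Invoice_Q3.docm", _office_document(with_macros=True))

# Constructed sample: a legitimate message from the real mailbox with a macro-free document.
LEGITIMATE = _message(
    "Jane Doe <ceo@example.com>", None, "Board meeting notes",
    "Notes from this week's meeting are attached for your records.",
    "mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    "Board_notes.docx", _office_document(with_macros=False))

if __name__ == "__main__":
    for label, raw in (("spear-phish", SPEAR_PHISH), ("legitimate", LEGITIMATE)):
        print(label, analyze(raw))
```

Run directly, it prints all seven indicators for the constructed spear-phishing message and an empty list for the legitimate one. In production the display-name check needs the real directory, the urgency keywords are a weak signal that should only add weight to stronger ones, and the vbaProject.bin check is a fast screen rather than a replacement for the sandbox detonation recommended above: macros can also arrive in legacy OLE .doc/.xls files (caught here only by extension) or be pulled in through a remote template at open time.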
End users should have a basic understanding of information-security attacks, of how mail propagates through the network, and of the network they work in, both their employer's and that of the client they are serving. They should also know how to report a suspicious email to the Information Security Department instead of acting on it.
Authored by Vivek Mishra
TCS Enterprise Security and Risk Management