
SPEAR PHISHING ATTACK

Spear phishing is an email or electronic communications scam targeted towards a specific
individual, organization or business. Although often intended to steal data for malicious
purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

How the attack works

An email arrives, apparently from a trustworthy source, but instead it leads the unknowing
recipient to a bogus website full of malware. These emails often use clever tactics to get victims'
attention. For example, the FBI has warned of spear phishing scams where the emails appeared
to be from the National Centre for Missing and Exploited Children.

Many times, government-sponsored hackers and hacktivists are behind these attacks.
Cybercriminals do the same with the intention to resell confidential data to governments and
private companies. These cybercriminals employ individually designed approaches and social
engineering techniques to effectively personalize messages and websites. As a result, even
high-ranking targets within organizations, like top executives, can find themselves opening
emails they thought were safe. That slip-up enables cybercriminals to steal the data they need
in order to attack their networks.

Anatomy of Spear Phishing Attack

Scenarios:

While checking your email, you may receive an alarming message that asks you to reset your
password, or some other mail that instils fear in the user. The user may then provide whatever
details the hackers request.

Spear phishing may lead you to a banking site that appears to be genuine, so that users are
fully confident it is their real banking site and start to enter their private data. These sites
are carefully designed to gain the user’s trust.

As shown above, the phishing emails are controlled by hackers, who are waiting for the users
to provide their data. Using the given data, they may take away money, change passwords,
steal identities, or perform any other task they desire.

Users who are familiar with the sites they use can easily identify phishing. Some of the
techniques to identify phishing emails are shown in the figure below:

Examples of Spear Phishing Attack

Defending Against Spear Phishing

Any form of phishing can ultimately lead to the compromise of sensitive data. If neglected, a
company could succumb to a targeted attack, which could result in data breaches, as seen in
notable incidents like the ones that affected JP Morgan, Home Depot, and Target—all of which
were attributed to spear phishing. Consequently, these companies lost millions of dollars along
with stolen customer records.

Similar to these recent data breach incidents, many small to mid-size businesses are being
targeted along with larger enterprises, as attackers see them as a backdoor gateway into larger
corporations. Also, due to the relatively smaller IT staff in small companies, it is easier for
attackers to target them as they're likely to have less security infrastructure in place.

Because email is the most common entry point of targeted attacks, it is important to secure this
area against likely spear phishing attacks. Employee education is highly critical to combat
different phishing techniques. Training employees to spot misspellings, odd vocabulary, and
other indicators of suspicious mails could prevent a successful spear phishing attack.
Additionally, enterprises need an expanded and layered security solution that provides network
administrators the visibility, insight, and control needed to reduce the risk of targeted attacks
regardless of vector of choice.

ENDPOINT MALWARE ATTACK

Endpoint security or endpoint protection is an approach to the protection of computer networks
that are remotely bridged to client devices. The connection of laptops, tablets, mobile phones
and other wireless devices to corporate networks creates attack paths for security threats.
Endpoint security attempts to ensure that such devices follow a definite level of compliance to
standards.

A malware attack is a type of cyberattack in which malware or malicious software performs
activities on the victim's computer system, usually without his/her knowledge. Many of the
modern malware codes like ransomware, spyware, and adware are also standalone software
programs that can spread to other computers and execute on their own.

Malware programs used in cybercrimes typically have some simple and well-known objectives.
Some of those objectives are:

Make money by stealing sensitive information such as online banking logins, credit card
numbers or intellectual property. This is termed "identity theft," and involves stealing users'
online credentials and using them to impersonate the users. Cybercriminals can access the victim's
bank accounts and use them in a number of ways including physical theft, digitally laundering
money or selling the victim's data to other criminals.

Another objective of malware attacks is to extort money. This is often achieved by encrypting
the user's data with a password and asking money from the victim to decrypt it. This method is
known as a "ransomware attack" and can be very lucrative given the high value that the
individual or business places on digital information.

Fig: Flowchart of a Malware Attack (Malware Infection Chain)

Some of the methods to detect malware attacks are:

1. Your computer is slowing down
2. Annoying ads are displayed
3. Crashes
4. Pop-up messages
5. Internet traffic suspiciously increases
6. Your browser homepage changed without your input
7. Unusual messages show unexpectedly
8. Your security solution is disabled
9. Your friends say they receive strange messages from you
10. Unfamiliar icons are displayed on your desktop
11. Unusual error messages
12. You can’t access the Control Panel
13. Everything seems to work perfectly on your PC
14. You get the error on the browser
15. You get suspicious shortcut files

Mobile Malware Attack:

As with phishing and pharming, malicious links followed through the browser, email, social
media and the like are all vehicles for exploitation on a mobile device. But apps are what really
make mobile a different target.

A malicious app can record sensitive information and send it to the attacker, dial premium-rate
phone numbers or simply make your phone unusable. Many pirated and cracked apps also
contain malware. For example, this often occurs when sideloading apps.

On Android, sideloading can be done by downloading apps that are not from the official
Android Market by allowing “unknown sources” within the security settings. An Android
device can also be rooted for more flexibility and potential risk. For iOS it’s a bit more
complicated but can be achieved by installing Xcode on a Mac and following several steps for
jailbreaking the device so you can get apps that are not from the Apple AppStore. But don’t
think that if the iOS device is not jailbroken and one refrains from sideloading that there is 100
percent security. AceDeceiver is a perfect example of malware that works on non-jailbroken
devices and was found to be stealing Apple IDs and passwords in early 2016 via apps
downloaded from the Apple AppStore.

The bottom line is that regardless of Android or iOS, there are several mechanisms to get apps
on a device and those apps may contain malware. Once installed, malware can do any
combination of nefarious actions already outlined as well as leak data, usually over SSL
communication to a nefarious or compromised destination site and steal information such as
files, histories, cookies and passwords.

Within the general category of mobile malware, certain kinds of smartphones are targeted more
often than others. Industry research shows that an overwhelming majority of mobile malware
targets the Android platform, rather than other popular mobile operating systems, like Apple’s iOS.
Various types of mobile malware include device data thieves and device spies that take certain
kinds of data and deliver it to hackers.

Fig: Malware Attacking Strategies


Another type of mobile malware is called root malware, or rooting malware, which gives
hackers certain administrative privileges and file access. There also are other kinds of mobile
malware that perform automatic transactions or communications without the device holder’s
knowledge.

One possible solution for limiting the potential for mobile malware is to upgrade to the latest
OS. Users also can look for smartphone manufacturer information about how it addresses
mobile viruses, malware and OS upgrades.

Defence Strategies for a Malware Attack:

Vulnerabilities:

Update your operating system, browsers, and plugins. If there’s an update to your computer
waiting in queue, don’t let it linger. Updates to operating systems, browsers, and plugins are
often released to patch any security vulnerabilities discovered. So, while you leave those
programs alone, cybercriminals can find their way in through the vulnerabilities. Bonus mobile
phone tip: To protect against security flaws in mobile phones, be sure your mobile phone
software is updated regularly. Don’t ignore those “New software update” pop-ups, even if your
storage is full or your battery is low.

Enable click-to-play plugins. One of the more devious ways that exploit kits (EKs) are
delivered to your computer is through malvertising, or malicious ads. You needn’t even click
on the ad to become infected, and these malicious ads can live on prestigious, well-known sites.
Besides keeping your software patched so that exploit kits can’t do their dirty work, you can
help to block the exploit from ever being delivered by enabling click-to-play plugins.

Remove software you don’t use (especially legacy programs). So, you’re still running
Windows XP or Windows 7/8.1? Microsoft discontinued releasing software patches for
Windows XP in 2015, and Windows 7 and 8 are only under extended support. Using them
without support or the ability to patch will leave you wide open to exploit attacks. Take a look
at other legacy apps on your computer, such as Adobe Reader or older versions of media
players. If you’re not using them, best to remove.

Watch out for social engineering:

Another top method for infection is to scam users through social engineering. Whether that’s
an email that looks like it’s coming from your bank, a tech support scam, or a fishy social
media campaign, cybercriminals have gotten rather deft at tricking even tech-savvy surfers. By
being aware of the following top tactics, you can fend off uninvited malware guests:

Read emails with an eagle eye. Phishing is a cybercrime mainstay, and it’s successful only
when readers don’t pay attention or know what to look for. Check the sender’s address. Is it
from the actual company he or she claims? Hover over links provided in the body of the email.
Is the URL legit? Read the language of the email carefully. Are there weird line breaks?
Awkwardly-constructed sentences that sound foreign? And finally, know the typical methods
of communication for important organizations. Cybercriminals love spoofing banks via
SMS/text message or fake bank apps. Do not confirm personal data via text, especially social
security numbers. Again, when in doubt, contact your bank directly.
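
The sender-address and link checks described above can be expressed as a small script. This is an added example, not part of the original document; the sample message, the `review` function and the trusted domain `bank.example` are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; every domain is a reserved example/test name.
SAMPLE = """\
From: "Bank Support" <support@bank-secure.example>
Subject: Reset your password now
Content-Type: text/html; charset="utf-8"

<p>Locked: <a href="http://bank.example.login.test/r">https://www.bank.example/reset</a></p>
<p><a href="https://www.bank.example/help">Help centre</a></p>
"""

class LinkCollector(HTMLParser):
    # Collects [href, visible text] for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def review(raw, trusted):
    """Return findings for the sender-address and link checks."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    findings = []
    if sender != trusted and not sender.endswith("." + trusted):
        findings.append(f"sender domain {sender} is not {trusted}")
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        shown = host(text) if "://" in text else ""  # only URL-like link text
        if shown and shown != host(href):
            findings.append(f"link shows {shown} but goes to {host(href)}")
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE, "bank.example"), sep="\n")
```

The second link in the sample is not flagged because its visible text is not a URL, which is the same judgement a reader makes when hovering over it.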

Do not believe the cold callers. On the flip side, there are those who may pick up the phone
and try to bamboozle you the good old-fashioned way. Tech support scammers love to call up
and pretend to be from Microsoft. They’ve detected an infection, they say. Don’t believe it.
Others may claim to have found credit card fraud or a loan overdue. Ask questions if something
feels sketchy. Ask about where that person is calling from, if you can call back, and then hang
up and check in with credit agencies, loan companies, and banks directly to be sure there isn’t
a problem.

Practice safe browsing:

There’s such a thing as good Internet hygiene. These are the things you should be doing to
protect against external and internal threats, whether you’ve lost your device and need to
retrieve it or want to stay protected when you shop online.

Use strong passwords and/or password managers. A strong password is unique, is not
written down anywhere, is changed often, and isn’t tied to easily found personal information,
like a birthday. It’s also not repeated for different logins. Admittedly, that’s a tough cookie to
chew on. If you don’t want to worry about remembering 5,462 different rotating passwords,
you may want to look into a password manager, which collects, remembers, and encrypts
passwords for your computer.

Make sure you’re on a secure connection. Look for the proper padlock icon to the left of the
URL. If it’s there, then that means the information passed between a website’s server and your
browser remains private. In addition, the URL should read “https” and not just “http.”

Log out of websites after you’re done. Did you log into your healthcare provider’s site using
your super-strong password? You could still be leaving yourself vulnerable if you don’t log
out, especially if you’re using a public computer. It’s not enough to just close the browser tab
or window. A person with enough technical prowess could access login information from
session cookies and sign into a site as you.

Layer your security:

All the safe browsing and careful vigilance in the world can’t protect you from all the threats
out there. Sometimes you need a professional to catch the poo that cybermonkeys are flinging.
So to keep your machine clean, invest in security software and layer it up with the following:

Use firewall, anti-malware, anti-ransomware, and anti-exploit technology. Your firewall
can detect and block some of the known bad guys. Meanwhile, Malwarebytes products use
multiple layers of tech to fend off sophisticated attacks from unknown agents, stopping
malware and ransomware infection in real time and shielding vulnerable programs from exploit
attack.

Security professionals agree a multi-layer approach—using not only multiple layers of security
technology but also user awareness—helps keep you protected from the bad guys and your
own mistakes.
