Hacking today is, for the most part, run by large organized criminal gangs. Hacking generates hundreds of millions of dollars a year in revenue for these gangs. Because so much money is involved, these organizations can invest in developing new attacks and in finding ways around your defenses. These targeted attacks, sometimes called Advanced Persistent Threats (APTs), can be nearly impossible to detect and avoid. Many targeted attacks focus on individual users’ computers since they can then be used to gain access to data on servers. Let’s look at one of the most common targeted attacks: spear phishing.
Spam is unwanted email, annoying but not directly harmful. But spam emails are the delivery method for phishing attacks, which try to get the recipient to open an attachment or click on a link that then infects their system with malware such as a bot virus or reverse shell.
What is spear phishing?
Phishing emails are usually mass-produced and not targeted at individuals or organizations. Targeted phishing attacks are called spear phishing and are run against high-value targets as the initial phase of an attack aimed at stealing the organization's data.
Imagine a hacker wants to steal your organization’s data. They research your organization from its website and other online resources. The hackers find out the names of key executives and then target one or more with a spear-phishing attack. If your CEO has school-aged children, the hackers may attack and take over the email servers at the child’s school.
They then send a forged but authentic-seeming email to the CEO with an attachment that appears to be information about a school activity. This email comes from the actual school email server, so all the red flags we have been taught to look for (e.g. wrong email domain) are not present. There is nothing to arouse the target’s suspicion, so he opens the attachment and his office computer is infected with malware.
The malware will probably be a “reverse shell”, which wakes up late at night and connects to a computer run by the hackers, allowing them access to the target’s computer. From that starting point, the hackers can expand their access to other computers on the network until they ultimately gain access to servers with confidential information. By the way, your internet firewall offers no protection, as the reverse shell is already behind it, calling out to the hackers. To the firewall, this looks like legitimate web access.
How to Prevent Spear Phishing
Since modern targeted attacks like this are difficult to identify and avoid, what can your organization do? The best defense is to encrypt all files. If you practice whole disk encryption of sensitive data, even if files are stolen, nothing is really lost. Few hackers have the resources or time to break modern encryption. Other effective defenses against spear phishing are:
- Multi-factor Authentication (MFA)
The use of MFA limits the risk that stolen credentials pose to an organization's data.
- Domain-based Message Authentication, Reporting & Conformance (DMARC) Technology
DMARC is designed to fit into an organization’s existing inbound email authentication process. It helps email receivers determine whether the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages.
- Monitor Relationships
Spear phishing attacks often go against normal communication patterns between two email addresses. Cybersecurity teams can develop a graph or system to map the normal flow of communication between email addresses and use this to flag abnormal messages.
- Employee Training
What makes spear phishing attacks so effective is the fact that they rely on human error to be successful. The best way to combat phishing attacks is to hold regular training and testing of employees on phishing attacks.
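The idea under "Monitor Relationships" above, as an added example that is not code from the original article: it builds a sender-to-recipient baseline from past mail and lists the ways a new message departs from it. The addresses, the history and the function names are constructed for illustration.

```python
from collections import Counter
from email.utils import parseaddr

# Constructed mail-log history: (From header, recipient). Not real data.
HISTORY = [
    ("Front Office <office@school.example>", "ceo@corp.example"),
    ("Front Office <office@school.example>", "ceo@corp.example"),
    ("Pat Lee <cfo@corp.example>", "ceo@corp.example"),
    ("Pat Lee <cfo@corp.example>", "ceo@corp.example"),
    ("Pat Lee <cfo@corp.example>", "ap@corp.example"),
]

def parse(header):
    """Split a From header into (display name, bare address), lowercased."""
    name, addr = parseaddr(header)
    return name.strip().lower(), addr.lower()

def build_baseline(history):
    """Count sender->recipient edges and record each recipient's known display names."""
    edges, names = Counter(), {}
    for sender, rcpt in history:
        name, addr = parse(sender)
        rcpt = rcpt.lower()
        edges[(addr, rcpt)] += 1
        if name:
            names[(name, rcpt)] = addr
    return edges, names

def flag_message(baseline, sender, rcpt, min_seen=2):
    """Return the reasons a message departs from the baseline (empty list = normal)."""
    edges, names = baseline
    name, addr = parse(sender)
    rcpt = rcpt.lower()
    reasons = []
    seen = edges[(addr, rcpt)]
    if seen == 0:
        reasons.append("new sender for this recipient")
        domain = addr.rpartition("@")[2]
        # A trusted domain can still carry a mailbox that never wrote to this person.
        if any(a.endswith("@" + domain) and r == rcpt for a, r in edges):
            reasons.append("familiar domain, unfamiliar mailbox")
    elif seen < min_seen:
        reasons.append("rarely seen sender for this recipient")
    known = names.get((name, rcpt))
    if name and known and known != addr:
        reasons.append("display name of a known contact on a different address")
    return reasons
```

A message sent from a mailbox that already corresponds with the target, as in the compromised school server scenario, matches the baseline and returns no reasons, so this check works alongside the other defenses in the list rather than replacing them.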
Cybersecurity Best Practices
Unfortunately, there's not yet a way to make any web technology completely invulnerable to hackers and cybercrime. Cyber attacks continue to evolve every day, so organizations need to constantly improve and implement new cybersecurity measures. This can be overwhelming for any cybersecurity team, no matter how big or small. That's why we've created a free ebook to help you design a comprehensive cybersecurity plan.