Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spear Phishing Ways to Minimize its Risks

Published byBryan Harrell Modified over 5 years ago

Similar presentations

Presentation on theme: "Spear Phishing Ways to Minimize its Risks"— Presentation transcript:

1 Spear Phishing Ways to Minimize its Risks
By Basiru A. Mohammed Mercy College

2 What Is It? Spear Phishing is a social engineering attack
Phishing attacks trick victims into providing their credentials It can also be used to create a backdoor within an organization’s system 97% of participants fell for at least one of the phishing messages sent to them in the phishing experiment [1] Due to the human negligence or errors, phishing attacks in general have become one of the most successful attacks

3 What do we know? Spear phishing are attacks on renowned individuals
Phishing attacks are a form of Advanced Persistent Threat where the attacker seeks to gain information and remain undetected for a long period of time According to a Trend Micro’s findings on APT related spear phishing, 91% of targeted attacks involve spear-phishing s [2]

4 How is it done? Use of embedded link within an with the aim of harvesting credentials of victims Creation of malicious program as an attachment to an to create a backdoor via Trojan Obtaining information through the phone by impersonation Spoofing the sender address to make messages look credible

5 Is that Even Possible? Goal is to make victim believe it’s from a trusted source Starts with extensive reconnaissance Recon enables the hackers to streamline the s sent to their targets sent contain a stealthy malicious program or a link to a fake website designed by the hacker Downloading the attachment of the will enables the Trojan to be installed on the target’s computer Or clicking the link takes targets to a malicious website to collect their credentials

6 Website Attack Vectors
Using Kali Linux, type sudo setoolkit and press enter. Press ‘y’ to agree to the license agreement Select menu 1 and press enter, which will also take you to another menu. From the next menu, select 2 ‘Website Attack Vectors’ and enter From the next menu presented, select 3 ‘Credential Harvester Attack Method’ and enter From the next menu presented, select 2 ‘ Site Cloner’ and enter It will demand you to provide an IP address, if you don’t have it handy, open another terminal and type sudo ifconfig to obtain the IP address of your system Enter the URL to be cloned, for instance A new URL will be presented to you Compose an , copy and embed the URL created in the Keep the terminal opened as you will receive the credentials there.

7 Spear Phishing Attack Vectors
Using Kali Linux, type sudo setoolkit and press enter. Press ‘y’ to agree to the license agreement Select menu 1 and press enter, which will also take you to another menu. From the next menu, select 1 ‘Spear-Phishing Attack Vectors’ and hit enter From the next menu presented, select 2 ‘Create a FileFormat Payload’ and hit enter At the next menu, select 4 ‘Microsoft Word RTF Fragments MS10_87 At the next menu, select 5 ‘Windows Meterpreter Reverse_TCP(x64) Enter a port number or keep the default 443 After creating the malicious file, rename the Attach the malicious file in the created to trick the victim.

8 What Can Be Done? Institutional
Educate employees Conduct mock phishing attack scenarios Protect network from unwanted programs Use legitimate applications from trusted vendors a keep it updated Install antivirus for both network and internal systems Use of a firewall and web filters to block malicious websites Encrypt all sensitive company information Develop a comprehensive policy for BYOD and other security policies

9 What Can Be Done? Individuals
Avoid sharing too much information on social media Avoid opening files or following links from unknown sources. Make use of the spam filters on your applications. Investigate every that has a link or attachment. Make use of a very good antivirus software and update it regularly. Make use of a firewall for your private network. Do not share personal information with websites that do not make use of two-factor authentication.

10 What Have We Learnt? As cyber-attacks are becoming more sophisticated, more people are falling victims. According to SANS Institute, 95% of all attacks on enterprise networks are result of successful spear phishing [2] Based on our knowledge of Spear phishing attacks we can deploy the necessary measures to minimize our risk of falling victims to them.

11 References [1] Egelman S., Cranor F. L. and Hong J., “You’ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings,” CHI 2008 Proceedings-Am I Safe, April Available: ACM Digital Library, proxy.mercy.edu/citation.cfm?id= [Accessed February18, 2018]. [2] Micro, T. (2012). Spear-Phishing Most Favored APT Attack Bait. Trend Micro, trendmicro. com. au/cloud- content/us/pdfs/security-intelligence/white-papers/wp-spear- phishing- -most-favored-apt-attack-bait. pdf (Accessed March 1, 2018). [3] Weinberg N. How to Blunt Spear Phishing Attacks, March 6, Retrieved from: security/how-to-blunt-spear-phishing-attacks.html. [Accessed March 1, 2018].

Download ppt "Spear Phishing Ways to Minimize its Risks"

Similar presentations

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
How to avoid Viruses and Malware on your Computer Use a firewall Using a firewall is like locking the front door to your house—it helps keep intruders.

How to avoid Viruses and Malware on your Computer Use a firewall Using a firewall is like locking the front door to your house—it helps keep intruders.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!

Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!
Quiz Review.

Quiz Review.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration www.nasa.gov.

Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
The Internet = A World of Opportunities Look what’s at your fingertips A way to communicate with friends, family, colleagues Access to information and.

The Internet = A World of Opportunities Look what’s at your fingertips A way to communicate with friends, family, colleagues Access to information and.
Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.

Security Awareness ITS SECURITY TRAINING. Why am I here ? Isn’t security an IT problem ?  Technology can address only a small fraction of security risks.
Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may. 2010 University of Palestine.

Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.

COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.
Computer Security By Rachel Gaines. Computers are used for work, play, and everything in between. So here’s how to keep it fun and protected.

Computer Security By Rachel Gaines. Computers are used for work, play, and everything in between. So here’s how to keep it fun and protected.
Web Spoofing Steve Newell Mike Falcon Computer Security CIS 4360.

Web Spoofing Steve Newell Mike Falcon Computer Security CIS 4360.
The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.

The way to avoid being trap into cyber crime. What is cyber crime? The Department of Justice categorizes computer crime in three ways: 1. The computer.

Similar presentations

Ads by Google