Phishing attempts are constantly being improved and made more sophisticated and personalized. Currently, carefully crafted spear phishing emails are being spread posing as airlines and financial departments. The attempts go so far as to imitate internal corporate travel and expense systems. The end goal is always the same: delivering malware and stealing personal information from targets.
Spear Phishing Becomes Highly Personalized and Very Successful
The described airline phishing attack has been disclosed by Barracuda researchers. The attackers have included various techniques in their arsenal with the purpose of stealing sensitive details from victims and infecting them with an advanced persistent threat.
Here’s an example of a subject line used by the phishers:
Fwd: United Airlines: Confirmation – Flight to Tokyo – $3,543.30
The attack is made of the following techniques:
- Impersonation. Attackers have initially researched the targeted organization’s structure and communication patterns. This is how emails become highly personalized, leading to a very high click rate of over 90 percent, one of the highest phishing click rates ever.
- Malware delivery. In this campaign, an APT (Advanced Persistent Threat) is dropped onto the network once the attachment is opened.
- Classical phishing. The attackers depend on the legitimacy of their emails to gather login credentials via a fake login page. Once these credentials are in the hands of the criminals, further access to internal and sensitive company data is granted.
The attacks that included links to a phishing website were designed to imitate an airline website or, in other cases, the expense or travel system used by the targeted company. This way the victim is lured into entering login credentials, thus expanding the attack surface. As a result, databases, email and file servers could be compromised.
What Could Organizations Do to Prevent Spear Phishing/APT Attacks?
Organizations should employ a multi-layered security plan so that such attacks are prevented. The first layer of protection is sandboxing, followed by APT prevention. There are also advanced phishing engines that offer link protection, which searches for websites with malicious code. Employee awareness and training shouldn’t be underestimated, either.
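A mail filter can catch the impersonation and fake-login-link pattern described above by comparing the brand a message names with the domains it actually uses. The following is an added example, not code from Barracuda or from the original article; the brand-to-domain map, the naive domain reduction and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand keyword -> domains the organization accepts for that brand.
BRAND_DOMAINS = {"united airlines": {"united.com"}}

# Constructed sample message; sender and link hosts use the reserved .example TLD.
SAMPLE = """\
From: United Airlines <reservations@united-confirm.example>
To: finance@corp.example
Subject: Fwd: United Airlines: Confirmation - Flight to Tokyo - $3,543.30
Content-Type: text/html

<p>Your itinerary is attached. <a href="https://travel-login.example/sso">View booking</a></p>
"""

def registrable(host):
    """Naive last-two-labels reduction; a production filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def body_text(msg):
    """Concatenate the text of all leaf parts (handles single-part and multipart mail)."""
    return "".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())

def score_message(raw):
    """Return findings where a named brand does not match the sender or link domains."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    named = f"{display} {subject}".lower()
    hrefs = re.findall(r'href="([^"]+)"', body_text(msg))
    link_hosts = sorted({urlparse(u).hostname or "" for u in hrefs} - {""})
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in named:
            continue
        if registrable(sender_domain) not in allowed:
            findings.append(f"sender domain {sender_domain} does not belong to {brand}")
        for host in link_hosts:
            if registrable(host) not in allowed:
                findings.append(f"link host {host} does not belong to {brand}")
    # A payment amount in the subject adds urgency; report it only with a mismatch.
    if findings and re.search(r"\$\d[\d,]*\.\d{2}", subject):
        findings.append("subject carries a payment amount alongside a brand mismatch")
    return findings

if __name__ == "__main__":
    for finding in score_message(SAMPLE):
        print(finding)
```

Findings like these are best used as scoring signals that route a message to sandboxing or quarantine, since forwarded genuine confirmations will also show a sender mismatch.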