Phising Attacks: Malafide Intentions Personified ~ Blog, PC Care 247 Tech Support Redefined

Saturday, 17 December 2011

Phising Attacks: Malafide Intentions Personified

In the times gone by, it was observed financial credentials ended up bearing the brunt of phishing attacks. But Snap!! Coming back to the present, phishing attacks have evolved; targeting sensitive corporate data. A fact evidenced by high-profile data breaches. At the receiving end have been organizations targeted with advanced persistent threats and phishing and spear-phishing emails posing as entry vectors.

Email SupportSo Take Care!! Representing the greatest threat to even the biggest organizations they are there to decimate the best defense put forth by you.

Phishing Attacks high on Adrenaline Rush
The seriousness of phishing threats may sound very theoretical, but a harsh reality is – “phishing attacks are achieving their malicious goals”. Organizations are on the knife’s edge thanks to devastating breaches resulting from phishing and spear-phishing attacks. With attackers leaving no stone unturned to utilize a broad spectrum of technologies and techniques. Highly focused and persistent, often these attacks are considered to be highly opportunistic in their orientation.

Specimens of a Phish Attack
  • Phishing emails sent – employees are not necessarily high profile or high value targets.
  • Email is crafted well enough and even if it is caught by the email security solution employees may be   tricked into retrieving it from their quarantine.
  • The employee then clicks on the URL in the message, initiating a drive-by download of malware.
  • Malware may be designed to coax a desktop machine to reach out to command and control servers.
  • Malware propagates across the network, searching for specific user accounts with relevant privileges (initial entry points/accounts may not have sufficient administrative rights).
  • With sufficient privileges and target systems reached, data is acquired and staged for exfiltration.
  • Data is exfiltrated (extracted outside the organization), typically via encrypted files over available ports – FTP, HTTP, or SMTP.

No comments:

Post a Comment Copyright © 2012-2013 by PCCare247 Solutions (P) Ltd.