SPEAR PHISHING TESTING METHODOLOGY

Transcription

1 SPEAR PHISHING TESTING METHODOLOGY From An article on our Spear Phishing Testing which can be used in social engineering exercise to determine organization wide susceptibility to an APT style attack.

2 Document Tracker Author Version Summary of Changes Manasdeep September 2012 Document Created Network Intelligence (India) Pvt. Ltd. Page 2 of 6

3 Contents 1. Introduction for Spear Phishing Testing:... 5 Network Intelligence (India) Pvt. Ltd. Page 3 of 6

4 1. INTRODUCTION Spear phishing is an spoofing fraud attempt that targeting an organization to glean out confidential data and gain unauthorized access to organization's confidential data or internal network. Attacker may be motivated to carry confidential internal information to seek out financial gain, trade secrets or proprietary information. The s sent to internal employees in spear phishing attempt appear to originate from a high ranking authoritative source positioned in the company. It is purposefully done so that very few people will question the intent regarding this request and readily provide the "supposed authority" with the requested details. Necessary factors for successful spear phishing attack: a. A known trusted "highly placed" authoritative figure in organization b. The message must complement the context in what is being said and the contained information supplements its validity c. The recipient can draw a "firm need" or a logical reason for the request made by sender. Popular Techniques used for the Spear Phishing attack comprise of mixture of social engineering, client side attacks, and requests via social networking sites etc. Network Intelligence (India) Pvt. Ltd. Page 4 of 6

5 2. METHODOLOGY FOR SPEAR PHISHING TESTING: a. Identify targets We identify our target audience which can easily be convinced into believing our story. To know about their mode of working we can interact frequently with helpdesk employees, security guards etc. which are frequently involved in frontline customer interaction. We can use this gathered information to construct our fake impersonated identity handle to do spear phishing. b. Planning and Using Pretexts: While selecting your pretext background it is imperative to consider a few key questions: What problem am I trying to solve? What questions am I trying to answer? What information do I seek? The nature of the person whom we will be contacting One of attacker s goals in pre-texting is to bring the target to logical conclusion, to do that we must anticipate their attitudes to be spontaneous enough to lead them down the path we want. c. Establishing Trust: The attacker smartly walks through his way to the perimeter defence of "human trust" by impersonating as well known authoritative high ranking personnel requesting confidential details. For e.g. Hi, This is your system admin from mail server. We recently discovered that your mail was sending mail bounces. As per corporate policy, your mail address has been temporarily blocked for 48 hrs. Please reply with your user name and password by logging on ww.thisfakesite.com for verifying your account and saving it from getting blocked. d. Stresses the "need": The attacker now presses the urgency of the action required on part to be done by the user. He crafts the message accordingly which supports the context making it to appear genuine in eyes of victim. For e.g. If you don t activate your account by clicking this link within 48 hour deadline, as per corporate policy, your mail address will be permanently blocked and you will lose all your files and mails stored on the mail server. e. Convincing user: The attacker now has convinced user to take action to carry out the necessary action required to access the organization network. He gets friendly with user to assist him for revealing more sensitive details about the organization. For e.g. Thank you for your prompt and timely action. Unfortunately, I was unable to recover 2 mails belonging to your department. Please use the recovery backup website to login with your department credentials. Once you are logged in, your mails will be immediately restored. Thanks for your cooperation. Have a great day!! Network Intelligence (India) Pvt. Ltd. Page 5 of 6

6 f. Newer ways to get information: Attacker utilizes innovative tools, techniques and social interaction ways to ultimately obtain access in organization through various avenues. A good attacker doesn't uses the same trick repeatedly for long to evade detection which rules out consistency behaviour patterns emerging from the analyst point of view. g. Buffer periods: To iron out any possibility of any alarm raised due to emerging patterns of attempts, a buffer period of 1-2 weeks is usually taken to break the pattern chain. Popular Phishing Tools Used: SET (Social Engineering Toolkit) Super Phisher Creator Manual mass mailing via any mass mail solution Network Intelligence (India) Pvt. Ltd. Page 6 of 6