Jamie Mackay | 24 March 2017
In this blog we will look at what phishing is and what hackers are looking for when they deploy a ‘phish’ attack, giving you a high-level overview of what phishing entails.
The word "phishing" was originally coined by hackers stealing accounts and passwords. By analogy with the sport of angling, Internet scammers were using email lures, setting out hooks to "fish" for passwords and financial data from the "sea" of Internet users.
Phishing is a method an attacker might use to get an initial foot in the door of an organisation or an individual, in order to steal anything from bank account details and personal information to a company’s financial records and clients’ sensitive information.
It is not a new form of attack, but it is still the preferred method of penetration for attackers because it preys on the one thing that an organisation can’t fully control: its employees.
How do Phishing attacks work?
Phishing attacks cleverly trick a user into performing a certain action: it might be simply opening an email, opening an attachment, clicking on a link, or even replying to an email that has requested sensitive personal information or important business information, which the attacker can then use to gain access to senior employees.
Phishing has been, and continues to be, a very effective way of breaching the defences of organisations.
Normally, once the phishing email is received, the user clicks a link to a legitimate-looking website or downloads an attachment. A Remote Access Trojan (otherwise known as a RAT) or other malware is then deployed onto the user’s desktop, giving the attacker access to the organisation’s IT infrastructure.
From here, the attacker can explore and gain access to other parts of the network, find the admin user and decrypt any passwords that will enable further access, providing leverage into higher-privileged zones, including servers and databases, where the real value is.
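As an added example (not code from the post or from NCC Group's tooling), the Python below checks a constructed email for two of the lures described above: a link whose visible text names a legitimate-looking site while its href points elsewhere, and a Reply-To address whose domain does not match the From domain. The sample message and the example.com / example.net names are constructed placeholders, and the domain comparison is deliberately crude.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; example.com / example.net are placeholder domains.
SAMPLE_EMAIL = """\
From: Accounts Team <accounts@bank.example.com>
Reply-To: helpdesk@bank-login.example.net
Content-Type: text/html

<p>Please <a href="http://bank-login.example.net/verify">https://bank.example.com/login</a>
to confirm your details.</p>
"""
# Anchor text that itself looks like a URL or bare hostname (a plain label is skipped).
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)
def registered_domain(host: str) -> str:
    # Crude last-two-labels comparison; a real tool would consult the public suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])
class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs from the anchors in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def find_indicators(raw: str) -> list:
    # Return plain-text indicators found in a raw message (headers plus HTML body).
    msg, findings = message_from_string(raw), []
    from_dom = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rsplit("@", 1)[-1]
    if reply_dom and registered_domain(reply_dom) != registered_domain(from_dom):
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        actual, shown = urlparse(href).hostname, None
        if URL_LIKE.match(text):  # only compare when the text itself names a host
            shown = urlparse(text if "://" in text else "//" + text).hostname
        if shown and actual and registered_domain(shown) != registered_domain(actual):
            findings.append(f"link text shows {shown} but href points to {actual}")
    return findings
```

Running `find_indicators(SAMPLE_EMAIL)` reports both the Reply-To mismatch and the disguised link; an anchor whose text is an ordinary label such as "our help page" is not compared, since there is no displayed host to contradict.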
With the main driver of a phishing attack being financial, phishing emails will attempt to obtain information such as passwords and bank account details in order to extract money from the victim or their organisation.
Recent reports suggest that smaller organisations are fast becoming the favoured target due to a lack of awareness and preparedness for an attack. The most common approach is for hackers to target this audience with ransomware attacks, using the same phishing process to gain sensitive information (often their clients’) that can be used to hold victims to financial ransom.
Through extensive research and development, NCC Group has developed a tool, Piranha, that helps organisations understand where their weaknesses are when it comes to phishing attempts, how exposed the organisation is, and what measures may need to be taken to improve its security.
NCC Group’s Piranha acts as a simulated phishing tool, sending spoof emails to employees and measuring the impact of those emails across different departments and levels of staff seniority.
Training, phishing simulation tools and communication are all methods that organisations should be utilising, in combination, to mitigate the risk of a phishing attack.