Recently, I created a YouTube video in which I demonstrated the ease with which a spear phishing attack can be launched. It seemed logical to create a follow-up post about the video and explain some of the key points that were covered. If you haven't seen the video yet, I encourage you to do so by clicking below.
Spear Phishing Attack
Spear phishing attacks are similar to phishing attacks, except they have more precision. Definitely more precision than the picture to the right ;). Spear phishing attacks are tailored to their victims with the goal of gaining the victim’s trust and convincing them to click a link, open an email attachment, or provide personal information to the attacker.
The spear phishing video demonstrates how a single email can be forged into a weapon. The attacker spoofs the email address and creates a sense of urgency for the victim by specifically crafting the subject line and text body. As soon as the victim opens the attached PDF, the attacker has complete control over their system.
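From the defender's side, the three traits described above (a spoofed sender, an urgent subject line, and a PDF attachment) can each be checked on an incoming message. The following is an added example, not code from the video or from WatchPoint Data; the sample message, the urgency word list, and the indicator names are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed urgency vocabulary; tune it to your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|overdue|action required)\b", re.I)

# Constructed sample message (not taken from the video).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Accounts Payable" <ap@example.com>
Subject: URGENT: overdue invoice, action required today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached invoice immediately.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

JVBERi0xLjQK
--b1--
"""

def domain(value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    # Visible From domain vs. the envelope sender recorded in Return-Path.
    rp = domain(msg["Return-Path"])
    if rp and rp != domain(msg["From"]):
        found.append("from_returnpath_mismatch")
    # Authentication-Results is added by the receiving mail server.
    auth = " ".join(map(str, msg.get_all("Authentication-Results", []))).lower()
    found += [f"{c}_not_passing" for c in ("spf", "dkim", "dmarc")
              if re.search(rf"\b{c}=(fail|softfail|none)\b", auth)]
    if URGENCY.search(str(msg["Subject"] or "")):
        found.append("urgent_subject")
    if any(p.get_content_type() == "application/pdf" for p in msg.iter_attachments()):
        found.append("pdf_attachment")
    return found
if __name__ == "__main__": print(triage(SAMPLE))
```

No single indicator is conclusive on its own; mailing lists and forwarding services also produce From/Return-Path mismatches, so treat the list as input to a review queue rather than a verdict.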
Built as an advanced penetration testing tool, Kali Linux contains numerous security tools and exploits. It also happens to be the preferred operating system of cyber criminals and pen testers around the world. In the spear phishing video, Kali Linux was used to launch the attack.
Visibility through WatchPoint Data
Without complete visibility, you can’t say with any real certainty what is good or bad about a system. Anti-virus will only provide a small glimpse of what’s there, but WatchPoint Data will give you the entire picture.
Through Carbon Black, the spear phishing attack launched against our victim was discovered at the moment of compromise and prevented from causing harm. Not only that, but the source of the attack was exposed in seconds, allowing WatchPoint Data to patch any other vulnerable systems on the network and educate the end user about safe email habits.
Immediate Threat Isolation and Threat Banning
With a single mouse click, the victim’s computer is isolated and cut off from the rest of the network. This prevents the attack from spreading and takes control away from the attacker and back to where it belongs, in the hands of the good guys.
Immediate threat banning creates a network-wide ban, hardening other systems and preventing them from being exploited.
Ask yourself the following questions. If my network was compromised today, when would I find out? And how much information could an attacker steal during that time? Am I willing to risk it, or am I ready to do something to protect my business?