Sending emails to particular, well-researched targets while posing as a trustworthy sender is known as spear phishing. The goal is to infect devices with malware or persuade victims to hand over personal information or money. Spear phishing differs from other social engineering attacks in the way it is launched and in that it has specific targets, unlike a mass phishing attack.
Recent spear phishing attack case
The attackers ran a spear phishing campaign, sending out bogus emails that warned recipients of their failure to pay taxes. The URL in the email, however, opens a zip file with malicious files that the target is unaware of. The emails' recipients said they were told to download an archive file (included in the email). Decompressing it yields a bogus PDF file. Unknowingly, victims installed a modified version of Remote Utilities, a remote access tool that pings back to remote command and control servers in Russia and Germany.
Similar spear phishing attacks that occurred
1. Spear phishing attack uses COVID-19 lure to target Ukraine government. Impact: collection of sensitive information from infected victims and installation of the Saint Bot downloader on the target (Saint Bot is a malware downloader that has been circulating in recent weeks). This malware is used to drop stealers on compromised systems, but it can also be used to deliver any other malware. VirusTotal was used here for malware analysis.
3. Armorblox shows that attackers are continuing to use COVID-19-related phishing emails tied to vaccines. The malicious email employs social engineering by instructing the recipient to fill out a form in order to acquire the vaccine. When a person opens the malicious link, they are taken to a password-phishing page. Researchers noted that the email was not polished, but that it is a sign of what's to come.
How does spear phishing work
Basically, the attacker relies on information that is easily available on social platforms. Each spear phishing email looks genuine. Attackers use specific information to lure victims into believing that the emails are legitimate. Sometimes these messages are tailored to look as if they were sent by a manager or even a high-level executive. Once the user clicks the link in the email, they are prompted to download a file or enter confidential personal information. Once they do, the attacker has enough personal information about the user to build a new identity.
We can only avoid these attacks by taking strong preventive measures, and defending against these more targeted attacks benefits from the same best practices used to detect phishing attacks. Look closely for clues that an email is an attack. For example, the most typical approach for gaining access to the systems you can reach is through attachments that require a macro to open, so do not open any suspicious email attachment. Users should always have antivirus software installed to check whether the system has been affected by an attack. In a spear phishing attack, two-factor authentication for login credentials can prevent attackers from gaining access to an account using the information they stole. Users can also benefit from security awareness training: learning how to recognize the indicators of a potential spear phishing email and what to do if they become the victim of one.
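The attachment clues described above (macro-enabled documents, an archive that unpacks to a bogus PDF) can be checked automatically before a message reaches the user. The following is an added example, not part of the original article: the extension lists, the function names and the sample message are assumptions, and it assumes the bogus PDF is an executable named with a double extension, which the article does not state.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm"}          # assumed list
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".js", ".vbs", ".lnk"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def check_name(name, where):
    """Return findings for one file name (attachment or archive member)."""
    findings, e = [], ext(name)
    if e in MACRO_EXT:
        findings.append(f"{where}: macro-enabled document {name}")
    if e in EXEC_EXT:
        # "notice.pdf.exe" shows as a PDF when extensions are hidden
        disguised = ext(name[: -len(e)]) in DOC_EXT
        kind = "executable disguised as document" if disguised else "executable"
        findings.append(f"{where}: {kind} {name}")
    return findings

def triage(raw):
    """Inspect every attachment of a raw RFC 5322 message, looking inside zips."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings += check_name(name, "attachment")
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    findings += check_name(member, f"inside {name}")
    return findings

def build_sample():
    """Constructed test message: a zip with a fake PDF plus a .docm file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tax_notice.pdf.exe", b"constructed placeholder, not a binary")
    msg = EmailMessage()
    msg.set_content("Please review the attached archive.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="notice.zip")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="form.docm")
    return msg.as_bytes()

if __name__ == "__main__": print("\n".join(triage(build_sample())))
```

A message that produces any finding is a candidate for quarantine or manual review rather than delivery; the check looks only at file names, so it complements antivirus scanning instead of replacing it.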
Credits: Apurva Pawar