Spear-phishing Is The Next Threat After A Data Breach

Employees’ awareness must be a mandatory routine.

by Pedro Tavares,  CSIRT.UBI and seguranca-informatica.pt Founder

During the last years, we have observed a tremendous number of data breaches that have made headlines. Opening the online newspaper and reading news about a data breach has almost become a habit as they occur anywhere and at any time. In fact, the Internet has become a giant channel for data transactions, and all of this because anything is now online — our life, our digital identity, basically our digital footprint.

Today, digital information is seen as the “new petroleum” and organizations must apply the best security practices to keep save data from cyber attacks and possible data leaks.

2018 Data Breaches

If we look at the recent past, we easily realize that data breaches are indeed one of the biggest problems in this information era.  Besides, they can usually trigger other threats such as attacks based on social engineering.

Just looking at the current year, we can easily list devastating situations. Maintaining an updated list of data breaches is a very hard task as the number of threats are growing exponentially. For this reason, organizations have to improve their security strategies by training their employees in order to provide an improved reaction when events of this nature occur.

Data breaches must be detected early on inside the organization. This is mandatory since a leak typically represents a valuable point of attack from the cyber attacker perspective.

How cyber attackers can use data breaches to their own profit

After a data breach, an immense quantity of data is leaked and exposed online (often personal and professional information). Due to this, spear-phishing attacks are highly targeted and customized and are far more likely to succeed than traditional phishing attacks. This way, crooks can use all the exposed information to produce huge phishing campaigns strictly targeting an organization.

In general, spear-phishing represents a targeted email scam for the sole purpose of gaining unauthorized access to sensitive data. Unlike phishing scams, which perform wide and scattered attacks, spear-phishing focuses only on a specific group (a restrict target). Crooks typically use data exposed by a data breach to obtain more information about the victim and the organization. In order to increase the success rate these kinds of attacks, the messages often contain urgent explanations on why they need sensitive information. At this time, victims are coaxed to open a malicious attachment or click on a link that takes them to a spoofed website where they are asked to provide sensitive information, such as passwords, account numbers, credit card numbers, access codes and personal information numbers (PINs).

Figure 1 below presents how that type of attacks can be performed by crooks

Figure 1: General workflow of a spear-phishing attack.

How to avoid spear-phishing attacks

If you think you were infected through a spear-phishing attack, the rule of thumb is very simple: do not panic over it! Only opening an email that can be represented by a scam campaign will not affect your computer.

There are some measures that you need know to avoid spear-phishing attacks and also to detect them saving thus all organization against this plague.

   If you think that you have indeed been a victim of a phishing attack, then immediately disconnect the computer from the network.

   Do not make it easy, talk to your colleagues about it. Flag the email as phishing and communicate the potential phishing scam to your organization’s IT, team. They will address you towards the next steps.

   Be proactive! You can perform a phishing/malware scan in your computer (especially when you open an attachment).

   Change your passwords. This must be adopted as a monthly task. Use and encourage your colleagues to follow a cyber-hygiene routine in order to protect their personal information away from crooks.

   Try to understand what the source of the malicious email is. Check whether your information was exposed by a data breach online and communicate that.

   And finally, use logic. Every time that you open an email from a “friend” asking for personal information (including passwords, or other sensitive data), you should carefully check if the email address is legitimate. Use an old strategy: personally talk to your friend.

Conclusion

Traditional security often fails to prevent spear-phishing attacks, as they are expertly customized. The error of an employee can have serious consequences for organizations and sensitive information can be

exposed when the appropriate measures are not adopted at the right moment.

Fraudulent campaigns are performed by crooks typically when a data breach occurs. Organizations need to be prepared to fight this threat face to face, eyes to eyes. That is why data breaches must be always detected as early as possible in order to inform and aware organization’s employees against potential spear-phishing attacks in the wild.

About the Author

Pedro Tavares is a cybersecurity professional and a founding member and Pentester of CSIRT.UBI and the founder of seguranca-informatica.pt.In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks.  He is also a Freelance Writer.