Adversity Analysis: Understanding Spear Phishing Attacks:
The main purpose of this study is to unveil the anatomy of new spear phishing attacks: their methods, tools and targets. The severity of spear phishing attacks is reaching new heights; these attacks not only attempt unsolicited breaches but have also become a medium for extortion (ransomware). Many public and private enterprises are now threatened by an underground criminal economy. These threats affect business continuity, enable business espionage and verge on cyber terrorism.
To ensure the feasibility of the proposed research work, a systematic review of the algorithms, methods and mechanisms of spear phishing attacks and defenses was conducted. The concept of phishing is analogous to deceiving a person for some gain. The term phishing was first used in 1996, and in 1997 it was formalized as an “attack”. Initially, misinformation was sent to newsgroups to mislead people for gain. By the next year, large-scale malicious email campaigns had started, using language that lured people into wrong deeds. By 2000, key loggers were rampant, capturing people’s login information. As internet connectivity improved, malicious URLs were sent directly to extract information from victims, and by 2002-3 the cyber criminals had added a new modus operandi: the use of messenger applications such as IM and IRC, and screen loggers. By 2004, “pharming” methods were predominant; attackers were now skilled in changing a victim computer’s DNS settings and exploiting the vulnerabilities of networks. In 2005, the term “spear phishing” was coined to make people sensitive to “target victimization”. In 2006, the first phishing incident over VoIP networks was reported. Cybercrime awareness was now increasing among people around the world, but at a very high cost: in 2007, people lost more than 3 billion dollars to phishing attacks.
With the passage of time, the criminal communities became more organized and the rate of weaponization increased. The number of people with a malicious mindset grew, and they found more ways to deceive and exploit not just computer systems and networks but the vulnerabilities of people themselves. When social media started gaining ground, hackers used this medium to fulfil their goals of financial gain. Facebook was found to have become a vehicle of crime: in 2010, Facebook attracted more phishing attacks than Google-based and IRS-based attacks. Just a year earlier (2009), Symantec identified and blocked a large number of impersonating organizations conducting malicious acts. Yet the number of unique malware samples found in 2012 is staggering: 6 million, and the expanse of these malicious acts has now reached almost all the main countries connected to the internet.
Now, cloud computing is helping the Internet of Things (IoT) industry boom, and since 2014 cybercrime actors have been spamming using smart TVs and refrigerators. Today, targeted attacks are common across industries including manufacturing, trading and services. The 2016 reports on spear phishing show that XXXXX….,
From these reports we can learn that the main vehicles of spear phishing attacks are emails and communication media such as Facebook. The main strategy revolves around sending an email with an attractive subject line that asks the target to click a link or download malware, which later gathers information for its masters or conducts a credential-harvesting operation. In due course we learned the actual attack vectors involved in spear phishing attacks. It was found that the attackers do not initiate attacks mindlessly; they first conduct reconnaissance and research on their target. For this, the attackers search social profiles, the company website, public documents and the company’s interactions and footprint. Once this is done, the attackers enter a phase called the “Hook”: they initiate conversations with an entity of the target company and start the dirty game of spear phishing and victimization. In this process the attackers play a game of making the relationship stronger and continue a dialog to achieve their ulterior motives. But before the real play, the attacker has to decide whether to make “human based social engineering moves”, “computer based social engineering moves”, or both.
Human based social engineering moves may consist of piggybacking, impersonating, eavesdropping, reverse social engineering, dumpster diving, etc. In computer based social engineering attacks, lucrative advertisements, popups, links, fake SMS, fake VoIP calls, emails and messages are sent to bait the target. An insider may also be part of the attackers’ team. Such acts amount to phishing and Nigerian 419 kind of scams. A summary of such activities is given in table [].
A spear phishing attack is primarily a combination of coordinated malicious activities that include:
a) Phishing sites or clone sites of legitimate websites (reference/source)
b) Malicious links that ask for information from the target
c) Phishing emails to the target, e.g. “Sales report”
d) Unsolicited mobile/phone calls to the target(s)
e) Social media requests, e.g. Facebook friend requests
f) WhatsApp/Vine messages with malicious links
g) Program error messages, e.g. an Adobe Flash Player error message
h) Email with DLL/EXE attachment
i) Email with RTF Word document
j) Email with Foxit PDF document
k) Email with Adobe PDF document
l) Pop-ups
m) Website clone
S.NO  Attack Vector                          Description
1     Website                                This class of attacks includes web jacking or website cloning, spear phishing or advanced persistent threats (APT), and Java applets.
2     Infectious media                       Malware, adware and spyware that collect information.
4     Mass emailer / SMS broadcast attack    Typically used for spamming with low expectations of return, or used as an email flood attack or DDoS attack in an attempt to overflow mailboxes. Emails may target human-nature vulnerabilities (cry for help, bait).
5     Internet of Things (IoT) attack,       Prone to attacks due to the multiple endpoints in an IoT application ecosystem, e.g. a malicious update of IoT device firmware to gain access to the target.
      Arduino based
Defense Mechanisms in Spear Phishing:
- Training / awareness camps on spear phishing
- Fast incident reporting and sharing mechanisms
- Reverse engineering the attack vectors
- Machine learning based spam filters (Naïve Bayes, SVM, Random Forest)
- Deep learning based spam filters
- User activity profiling (behavior models, sequence mining models)
- Honeypot or decoy mechanisms
- Applying patches and updates regularly
- Strong multi-level authentication
- Natural language based detection algorithms
- Understanding the life cycle of spam, malware and botnets
- Organizational / company SWOT analysis in the context of hardening against spear phishing
- Insider attack and BYOD activity monitoring mechanisms
- Blocking / blacklisting IPs, users, etc.
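As an added example (not code from the original study), the following Python implements the Naïve Bayes spam filter and the natural-language based detection named in the defense list above, trained on constructed email texts; it exposes a log-odds score so an operator can tune the alert threshold rather than rely on a fixed verdict.

```python
import math
import re
from collections import Counter

# Constructed training samples (not from the original study): (label, email text).
TRAINING = [
    ("phish", "Urgent: your mailbox password expires today, click the link to verify"),
    ("phish", "Invoice attached, open the document and enable macros to view"),
    ("phish", "Sales report overdue: download the attached exe immediately"),
    ("phish", "Your account is locked, confirm your credentials at this link"),
    ("ham", "Agenda for Thursday project meeting attached"),
    ("ham", "Reminder: quarterly sales report review at 3pm in room B"),
    ("ham", "Lunch order for the team, reply with your choice"),
    ("ham", "Minutes from the security awareness training session"),
]

def tokenize(text):
    """Lower-case alphabetic tokens; a simple bag-of-words view of the mail."""
    return re.findall(r"[a-z]+", text.lower())

class NaiveBayesFilter:
    """Multinomial Naive Bayes with add-one (Laplace) smoothing."""
    def __init__(self, samples):
        self.doc_count = Counter()            # documents per class
        self.word_count = {}                  # class -> Counter of tokens
        self.word_total = Counter()           # tokens per class
        vocab = set()
        for label, text in samples:
            toks = tokenize(text)
            self.doc_count[label] += 1
            self.word_count.setdefault(label, Counter()).update(toks)
            self.word_total[label] += len(toks)
            vocab.update(toks)
        self.vocab_size = len(vocab)
        self.n_docs = len(samples)

    def log_posterior(self, label, text):
        # log P(label) + sum log P(token | label); smoothing keeps unseen words from zeroing it out
        score = math.log(self.doc_count[label] / self.n_docs)
        denom = self.word_total[label] + self.vocab_size
        for tok in tokenize(text):
            score += math.log((self.word_count[label][tok] + 1) / denom)
        return score

    def phish_score(self, text):
        """Log-odds of phish vs ham: positive favours phish; threshold it for alerting."""
        return self.log_posterior("phish", text) - self.log_posterior("ham", text)

    def classify(self, text, threshold=0.0):
        return "phish" if self.phish_score(text) > threshold else "ham"
```

In production the training set would be the organization's own labelled mail, and the threshold would be raised or lowered against the observed false-positive rate.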