What is Spear Phishing: 5 keys to protect your business
Spear phishing is a highly targeted form of cyber-attack executed through personalised emails or messages to deceive specific individuals, characteristics that make it very dangerous and effective.
What is spear phishing?
Spear phishing is defined as a cyber attack technique that focuses on specific targets, as opposed to traditional phishing that targets a broad audience. In a spear phishing attack, cybercriminals research and collect information about their victims to create personalised and convincing messages. These messages often appear legitimate and may include details such as names, job titles, and professional relationships, which increases the likelihood that the victim will fall for the scam. The main goal of spear phishing is to trick the victim into revealing confidential information, such as passwords, banking details or sensitive corporate information. Attackers can use this information to commit fraud, steal identities or infiltrate corporate networks.
What is the difference between phishing and spear phishing?
Phishing and spear phishing are cyber-attack techniques that seek to trick victims into revealing sensitive information, but differ in their approach and execution.
Phishing is a massive and widespread attack. Cybercriminals send emails or messages to a large number of people, hoping that some will fall for it. These messages often look legitimate and may include links to fake websites that mimic real ones. The aim is to obtain information such as passwords, credit card numbers or personal data. Due to their mass nature, phishing messages are often less personalised and easier to detect.

Spear phishing, on the other hand, is a targeted and personalised attack. Attackers research their victims and collect specific information about them, such as names, job titles, and professional relationships. They use this information to create highly personalised messages that appear to come from trusted sources. Because of their level of personalisation, spear phishing attacks are harder to detect and have a higher success rate. The goal is the same - to obtain sensitive information - but the approach is much more sophisticated and targeted.

If you want to find out more about phishing techniques, see→ Phishing: what it is and how many types there are.
How spear phishing attacks work
Because they are so highly customised, spear phishing attacks take a long time to prepare and involve a reconnaissance phase in which the attackers search for exposed sensitive information. The preparation and execution of a spear phishing attack typically include the following phases:
Choice of target
Targeting is the first step in this type of attack. Attackers carefully select their victims based on their position, access to sensitive information or influence within an organisation. To choose a target, attackers conduct extensive research using various sources of information, such as social networks, corporate websites and public databases. Depending on the attacker's desired outcome, the target can be a senior manager of an organisation or a person with significant wealth, but also an employee with sufficient leverage to provide certain keys or carry out a specific action.
Target research
Once the target has been selected, the attackers set about gathering detailed information about the victim in order to increase the likelihood of the attack's success. This research phase involves the use of various techniques and sources of information. Attackers usually start by searching for publicly available information on social networks, corporate websites and public databases. They analyse profiles on LinkedIn, Facebook, Twitter and other platforms to obtain data on the victim's professional and personal life. They may also review press releases, news articles and blogs to obtain more context about the organisation and the victim's role within it. Once this information is obtained, attackers move on to the other layers of the web, the deep web and the dark web, in search of leaked and exposed sensitive information about the victim or the organisation to which he or she belongs. Because this information is not public and the victim is unaware of its exposure, it is the most effective for the success of the attack. In addition, attackers can use social engineering techniques to obtain additional information. This includes sending test emails or making phone calls to collect specific data without arousing suspicion. The information obtained includes details about the victim's contacts, communication habits, and personal and professional interests, and is used by attackers to personalise the attack.
Creating and sending the message
Creating and sending the message is the final step in a spear phishing attack. Once the attackers have selected and studied their target, they use the information gathered to craft a highly personalised and convincing message. This message is designed to appear legitimate and relevant to the victim, thus increasing the likelihood that they will fall for it. The message can take various forms, such as an email, text message or social media communication. Attackers mimic the communication style of a person or entity trusted by the victim, such as a colleague, a superior or a financial institution. The content of the message may include malicious links, infected attachments, or requests for confidential information or specific actions. To increase the credibility of the message, attackers may use spoofing techniques to make the sender appear legitimate. They also often use urgency or scare tactics to pressure the victim to act quickly without much thought or analysis. Once the message is ready, the attackers send it to the victim with the intention that the victim will open it and follow the instructions provided. If the victim falls into the trap, they may reveal sensitive information, such as login credentials, or download malware that compromises their device and the organisation's network.
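The spoofing and urgency tactics described above leave traces in the message headers that a mail gateway or analyst can check. The following script is an added example and not code from the original article or from Enthec: it parses a constructed raw e-mail and lists the indicators that commonly accompany a spear phishing message (a known colleague's display name paired with an external address, a Reply-To that diverts replies to another domain, failed SPF/DKIM/DMARC results, and pressure language in the subject). The internal domain, the staff directory and the sample message are all constructed for the demonstration.

```python
"""Flag spoofing indicators in the headers of a suspicious e-mail.

Added example (not from the original article): the raw message, the
internal domain and the staff directory below are constructed sample data.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed internal domain and known colleagues (constructed sample data).
INTERNAL_DOMAIN = "example.com"
KNOWN_STAFF = {"ana lopez": "ana.lopez@example.com"}

# Constructed raw message mimicking a spear phishing attempt: the display
# name is a real colleague, but the address and Reply-To are external.
SAMPLE_EMAIL = """\
From: "Ana Lopez" <ana.lopez@examp1e-mail.net>
Reply-To: payments@secure-invoice-review.net
To: finance@example.com
Subject: URGENT: wire transfer needed before 5pm
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-mail.net; dkim=none; dmarc=fail header.from=examp1e-mail.net
Content-Type: text/plain

Hi, I need you to process the attached invoice today. Don't call, I'm in a meeting.
"""

URGENCY_WORDS = ("urgent", "immediately", "today", "before 5pm", "asap")


def domain_of(address: str) -> str:
    """Return the lowercase domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def auth_results(header_value: str) -> dict:
    """Extract the spf/dkim/dmarc verdicts from an Authentication-Results header."""
    results = {}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", header_value or "")
        if m:
            results[mech] = m.group(1).lower()
    return results


def spoofing_indicators(raw: str) -> list[str]:
    """Return human-readable indicators found in the message headers."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display name of a known colleague paired with a different address.
    known = KNOWN_STAFF.get(display_name.strip().lower())
    if known and from_addr.lower() != known:
        findings.append(f"display name '{display_name}' is a known colleague but address is {from_addr}")

    # 2. Reply-To in another domain than From: replies are silently diverted.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_domain}")

    # 3. Sender authentication failed or is absent.
    results = auth_results(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech, "none") != "pass":
            findings.append(f"{mech} result is {results.get(mech, 'missing')}")

    # 4. Pressure language in the subject, typical of the urgency tactic.
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        findings.append("subject uses urgency language")

    return findings


if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

None of these indicators is proof on its own (legitimate newsletters fail DKIM, legitimate tickets set a Reply-To), so in practice the findings feed a score or a quarantine rule rather than a hard block.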
Keys to preventing spear phishing cyber attacks
Preventing a spear phishing cyber-attack requires measures at every level, from the organisation's overall strategy down to the critical attitude of each individual.
Avoid suspicious links and files
One of the main tactics used in spear phishing is sending emails with malicious links or attachments. These links may redirect to fake websites designed to steal login credentials, while the attachments may contain malware that infects the victim's device. To protect yourself, it is crucial to be cautious when receiving unsolicited emails, especially those containing links or attachments. Before clicking on a link, it is advisable to verify the URL by hovering over the link to ensure that it leads to a legitimate website. In addition, it is important not to download or open attachments from unknown or suspicious senders.
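The advice to hover over a link and compare the displayed URL with its real target can be automated for an HTML message body. The script below is an added example, not code from the original article or from Enthec: it extracts every link from a constructed HTML body and reports the ones whose visible text names a different site than the href, whose host is a bare IP address, which use plain HTTP, which embed a trusted brand inside an unrelated domain, or which point at an executable file type. The trusted-domain list and the two-label approximation of a registrable domain are assumptions for the demonstration.

```python
"""Check the links in an HTML e-mail body for deceptive targets.

Added example (not from the original article): the HTML sample, the trusted
domain list and the simplified registrable-domain rule are constructed here.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com", "bank.example"}  # assumed allow-list

# Constructed HTML body with three links: one honest, two deceptive.
SAMPLE_HTML = """
<p>Your account needs verification.</p>
<a href="https://bank.example/login">https://bank.example/login</a>
<a href="http://bank.example.verify-now.net/x">https://bank.example/secure</a>
<a href="http://203.0.113.5/update.exe">Download the security update</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumption: no public-suffix list is consulted)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host: str) -> bool:
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href: str, text: str) -> list[str]:
    """Return the reasons one link looks deceptive (empty list = no finding)."""
    reasons = []
    target = urlparse(href)
    host = target.hostname or ""

    # Visible text that looks like a URL but names a different site than the href.
    if re.match(r"^https?://", text):
        shown_host = urlparse(text).hostname or ""
        if registrable_domain(shown_host) != registrable_domain(host):
            reasons.append(f"text shows {shown_host} but href goes to {host}")

    if is_ip_literal(host):
        reasons.append("href host is a bare IP address")
    if target.scheme == "http":
        reasons.append("link is not HTTPS")
    # A trusted brand used as a subdomain of an unrelated registrable domain.
    for trusted in TRUSTED_DOMAINS:
        if trusted in host and registrable_domain(host) != trusted:
            reasons.append(f"'{trusted}' appears inside untrusted domain {registrable_domain(host)}")
    if re.search(r"\.(exe|scr|js|vbs|hta|iso)$", target.path, re.I):
        reasons.append("link downloads an executable file type")
    return reasons


def suspicious_links(html: str) -> list[tuple[str, list[str]]]:
    """Return (href, reasons) for every link with at least one finding."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reasons = check_link(href, text)
        if reasons:
            flagged.append((href, reasons))
    return flagged


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

A production filter would replace the two-label rule with a public-suffix list (so that `bank.co.uk`-style names are handled) and would resolve URL shorteners before judging the host; the structure of the check stays the same.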
Keeping software up to date
Cybercriminals often exploit vulnerabilities in software to carry out their attacks. These vulnerabilities are bugs or weaknesses in code that can be exploited to gain access to sensitive systems and data. When software developers discover these vulnerabilities, they often release updates or patches to fix them. If software is not updated regularly, these vulnerabilities remain open and can be exploited by attackers. Therefore, keeping software up to date is crucial to close these security gaps. Furthermore, software updates not only fix vulnerabilities, but also improve system functionality and performance, providing a more secure and efficient user experience. This includes operating systems, web browsers, applications and security software. To ensure that software is always up to date, it is advisable to enable automatic updates whenever possible. It is also important to watch for update notifications and apply them immediately.
Cybersecurity training
Spear phishing is based on social engineering, where attackers trick victims into revealing sensitive information. Cybersecurity education and awareness helps individuals and organisations to recognise and avoid these fraud attempts. Proper cybersecurity training teaches users how to identify suspicious emails, malicious links and dangerous attachments. It also provides them with the necessary tools to verify the authenticity of communications and avoid falling into common traps. In addition, cybersecurity training fosters a culture of security within organisations. Well-informed employees are more likely to follow security best practices, such as using strong passwords, enabling two-factor authentication and regularly updating software. This significantly reduces the risk of a successful spear phishing attack.
Contact cyber-security and cyber-intelligence experts
Cybersecurity and cyber intelligence professionals have the knowledge and experience to identify and mitigate threats before they cause harm. By working with experts, organizations can benefit from a thorough assessment of their security systems and receive personalized recommendations to strengthen their defenses.
In addition, these professionals are aware of the latest cybersecurity trends and the tactics used by cybercriminals, allowing them to anticipate and neutralize potential attacks.
On the other hand, cyber intelligence experts specialize in data analysis and identifying suspicious patterns. They can monitor networks for unusual activity and provide early warnings about potential threats. Their ability to analyze large volumes of information and detect anomalous behavior and open security breaches is crucial to preventing spear phishing attacks.
You may be interested in→ Keys to preventing a data leak.
Establishing a proactive cyber security strategy
A proactive cyber security strategy involves anticipating threats and taking preventive measures before security incidents occur. This not only reduces the risk of successful attacks, but also minimises the impact of any intrusion attempts. The proactive security strategy starts with a comprehensive risk assessment to identify potential vulnerabilities in the organisation's systems and processes. Based on this assessment, appropriate security measures can be implemented. In addition, it is essential to establish clear policies and procedures for information security management. Finally, it is essential to continuously monitor the attack surface, both internally and externally, for suspicious activities, open breaches and exposed vulnerabilities.
Relevant examples of spear phishing
There are numerous examples of spear phishing attacks in Spain and the rest of the world, demonstrating the proliferation of the technique.
Some highlights include:
- Santander Bank (2020). Victims received emails that appeared to be from the bank, asking them to update their security information. This led several customers to reveal their banking credentials.
- UK universities (2020). The attackers sent emails to students and staff at several UK universities, posing as the university's IT department and asking them to update their passwords. Several university accounts were compromised following the attack.
- Hillary Clinton presidential campaign (2016). John Podesta was Hillary Clinton's campaign manager when he was the victim of a spear phishing attack. After receiving an email that appeared to come from Google, he followed the instructions it contained and changed his password on the platform. This allowed hackers to access his emails, which were then leaked.
- Technology companies in Germany (2019). Attackers sent a group of German technology companies emails that appeared to come from IT service providers. In these emails, employees were asked to download important software updates, which led to the installation of malware on the companies' systems.
Enthec helps you to protect your organisation against spear phishing
Through its automated and continuous monitoring technology of the web, deep web, dark web, social networks and forums, Enthec helps organisations and individuals to locate leaked and exposed information within the reach of cybercriminals, to neutralise spear phishing attacks, implementing a proactive protection strategy. If you need to know more about how Enthec can help you protect your organisation and its employees against spear phishing, do not hesitate to contact us.
Enthec participates in the Spanish Chamber of Commerce GMC
This year, Madrid has hosted the Global Management Challenge (GMC), organised by the Spanish Chamber of Commerce and in which Enthec has participated as a guest. At the event, our COO, Lola Miravet, represented Enthec at the round table ‘What are companies looking for in universities?’ and shared her vision on the importance of young talent and what companies are looking for when recruiting new professionals. An interesting debate held together with great professionals from the sector such as Eva Rojo Cibrián from Banco Sabadell, Carlos Calleja from Akkodis, Alejandro Segura Professor at the Polytechnic University of Madrid, and Luis Cascales President of UniPymeMadrid. The Global Management Challenge is the world's largest business strategy and management competition, held annually and bringing together teams of students and professionals from more than 40 countries.
María Rojo in the SIC Magazine
Our CEO, María Rojo, answers the question ‘Threats and cyber-attacks in 2024: which ones will be the most complex and high impact, whether they are expected or not?’, asked by SIC Magazine for its February special edition. Special report on cyber threats and cyber-attacks 2024.
Enthec Solutions obtains ENS high level certification
With great satisfaction, we are pleased to announce that Enthec Solutions has just successfully completed the certification process of its Cybersecurity Services in the National Security Scheme (ENS) with high level.
Since its inception, Enthec has maintained an unwavering commitment to the security of our customers, as the basis of trust in the business relationship. This commitment translates into absolute control over the development and operation of our solutions. Our entire offer is made up of cybersecurity solutions that use technology developed entirely by our team and without back doors, as they do not depend at any time on third parties. This characteristic makes us unique in the cybersecurity software development sector. Now, in addition to this internal control of the development and operation of our solutions, we add external controls that guarantee the security of our products and processes, through the achievement of prestigious security certifications such as ENS high level and ISO 27001, whose certification process we are already undergoing. In this way, we continue to reinforce our commitment to the security of our customers, both through our offer of solutions to complete their cybersecurity strategy and through our own internal corporate structure.
Relevance of perimeter cyber security for your business
The concept of an organisation's cyber-security perimeter is bound to expand to adapt to the increasing sophistication of cyber-attacks to encompass the external surface of the organisation as well.
What is perimeter security in cyber security?
In cyber security, perimeter security refers to the measures and technologies implemented to protect the boundaries of an organisation's internal network. Its main objective is to prevent unauthorised access and external threats by ensuring that only legitimate users and devices can access the network. Perimeter security is crucial because it acts as the first line of defence against cyber-attacks, acting as a barrier. By protecting the entry and exit points of the network, it reduces the risk of external threats compromising the integrity, confidentiality and availability of data. Key components of perimeter security in cyber security include:
- Firewalls: act as a barrier between the internal and external network, filtering traffic based on predefined rules.
- Intrusion Detection and Prevention Systems (IDS/IPS): monitor network traffic for suspicious activity and have the capability to take action to block attacks if necessary.
- Virtual Private Networks (VPNs): allow secure and encrypted connections between remote users and the internal network. With the implementation of remote working, the use of VPNs in the enterprise has become widespread.
- Web security gateways: filter web traffic to block malicious content and unauthorised sites.
- Authentication and access control systems: verify the identity of users and control which resources they can access.
With the rise of remote working, the sophistication of attacks and the adoption of cloud technologies, perimeter security has evolved. Networks no longer have clearly defined boundaries, which has led to the development of approaches such as Zero Trust, where it is assumed that no entity, internal or external, is trusted by default, or concepts such as extended perimeter cybersecurity, which extends surveillance to the external perimeter of an organisation. If you want to keep up to date→ 5 cybersecurity trends you need to know about.
Network Perimeter Security Guidelines
In order to achieve effective network perimeter security, it is necessary for the organisation to follow, as a minimum, the following guidelines:
Authentication
Authentication ensures that only authorised users and devices can access network resources. It involves verifying the identity of users before allowing them access, which helps to prevent unauthorised access and potential threats. Different authentication methods include:
- Passwords. The most common method, but can be vulnerable if strong and unique passwords are not used or not stored securely.
- Two-factor authentication (2FA). It adds an additional layer of security by requiring a second factor, such as a code sent to the user's mobile phone.
- Biometric authentication. It uses unique physical characteristics, such as fingerprints or facial recognition, to verify the user's identity.
- Digital certificates. Used primarily in enterprise environments, these certificates provide a secure and official way to authenticate devices and users.
It is imperative that the organisation implements strong password policies, enforcing that they are complex and regularly changed, and that it is accountable for ensuring that these policies are known and followed. In addition, it is important that access attempts are monitored to detect and respond to suspicious or failed access attempts.
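Monitoring access attempts, as the paragraph above recommends, comes down to correlating failures and successes per account and source address over time. The following script is an added example and not code from the original article or from Enthec: it runs two simple detections over constructed log lines in an assumed `<timestamp> <OK|FAIL> user=<name> ip=<addr>` format, a burst of failures inside a sliding window (password guessing) and a success that immediately follows repeated failures (a guess that worked, which deserves a higher-priority alert than the burst itself). The window and thresholds are assumptions to be tuned per environment.

```python
"""Flag suspicious authentication patterns in access logs.

Added example (not from the original article): the log format, the sample
lines and the thresholds are constructed assumptions for the demonstration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: <ISO timestamp> <OK|FAIL> user=<name> ip=<addr>
SAMPLE_LOG = """\
2024-03-01T08:00:01 FAIL user=jdoe ip=198.51.100.7
2024-03-01T08:00:04 FAIL user=jdoe ip=198.51.100.7
2024-03-01T08:00:09 FAIL user=jdoe ip=198.51.100.7
2024-03-01T08:00:15 FAIL user=jdoe ip=198.51.100.7
2024-03-01T08:00:20 FAIL user=jdoe ip=198.51.100.7
2024-03-01T08:00:31 OK user=jdoe ip=198.51.100.7
2024-03-01T08:05:00 OK user=asmith ip=192.0.2.10
2024-03-01T09:10:00 FAIL user=asmith ip=192.0.2.10
2024-03-01T09:40:00 OK user=asmith ip=192.0.2.10
"""

WINDOW = timedelta(minutes=10)   # assumed sliding window for counting failures
FAIL_THRESHOLD = 5               # assumed: failures in the window that raise an alert
SUCCESS_AFTER_FAILS = 3          # assumed: recent failures that make a success suspicious


def parse_line(line: str):
    """Split one constructed log line into (timestamp, success, user, ip)."""
    ts, result, user_kv, ip_kv = line.split()
    return (
        datetime.fromisoformat(ts),
        result == "OK",
        user_kv.split("=", 1)[1],
        ip_kv.split("=", 1)[1],
    )


def detect(log_text: str) -> list[dict]:
    """Return alerts for failure bursts and for a success following repeated failures."""
    recent_fails = defaultdict(deque)   # (user, ip) -> failure timestamps inside WINDOW
    alerted_burst = set()               # keys already reported, to avoid repeat alerts
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ok, user, ip = parse_line(line)
        key = (user, ip)
        fails = recent_fails[key]
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()             # drop failures that fell out of the window
        if ok:
            if len(fails) >= SUCCESS_AFTER_FAILS:
                alerts.append({"type": "success_after_failures", "user": user, "ip": ip,
                               "failures": len(fails), "at": ts.isoformat()})
            fails.clear()               # a success ends the current failure run
            alerted_burst.discard(key)
        else:
            fails.append(ts)
            if len(fails) >= FAIL_THRESHOLD and key not in alerted_burst:
                alerts.append({"type": "failure_burst", "user": user, "ip": ip,
                               "failures": len(fails), "at": ts.isoformat()})
                alerted_burst.add(key)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The second asmith sequence (one failure, then a success half an hour later) produces no alert because the failure has left the window; that is the behaviour a mistyped password should get, so that analysts only see the jdoe pattern.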
Integrated security solutions
Integrated security solutions are essential in network perimeter security by combining multiple technologies and tools into a single platform to provide more comprehensive and efficient protection. They enable organisations to manage and coordinate multiple security measures from a single point, making it easier to detect and respond to threats. Integrated solutions are recommended because they improve an organisation's operational efficiency by centralising security management and reducing complexity. They also provide a unified view of network security, making it easier to identify and respond to threats. They are also scalable, allowing organisations to adapt to new threats and security requirements without the need to deploy multiple standalone solutions. Integrated security solutions include:
- Next generation firewalls (NGFWs): offer advanced traffic filtering, deep packet inspection and intrusion prevention capabilities.
- Intrusion Detection and Prevention Systems (IDS/IPS): monitor network traffic for suspicious activity and can block attacks in real time.
- Web and email security gateways: protect against web and email-based threats such as malware and phishing.
- Security information and event management (SIEM) systems: collect and analyse security data from multiple sources to identify patterns and alert on potential incidents.
- Virtual Private Networks (VPNs): provide secure, encrypted connections for remote users.
For a correct integration of the solutions, it is advisable to carry out a gradual implementation, to minimise interruptions, to provide continuous training on the tools to the responsible personnel and to keep the solutions updated and monitored.
Shared security
Shared security is a collaborative approach to network perimeter security that has gained momentum since the expansion of cloud services. It involves cooperation between different entities, such as service providers, customers and partners, to protect the network infrastructure. This model recognises that security is a joint responsibility and that each party has a crucial role in protecting data and resources. The main characteristics of shared security are:
- Mutual responsibility: Both service providers and customers have specific responsibilities for network security. For example, providers may be responsible for physical and infrastructure security, while customers must manage the security of their applications and data.
- Transparency and communication: open and transparent communication between all parties involved is essential to effectively identify and mitigate potential threats.
- Common policies and procedures: Establishing security policies and procedures that are consistent and understood by all parties helps to ensure a coordinated response to security incidents.
For shared security to be truly effective, the responsibilities of each party involved need to be clearly defined and delineated. In addition, communication channels must be established to allow for the rapid and continuous exchange of information on threats and best practices. Regular audits should periodically assess the effectiveness of the security measures so that adjustments can be made as necessary.
Limitations of perimeter cyber security
As technologies have evolved, the original strict concept of perimeter security limited to the internal environment has presented some important limitations that affect its effectiveness in protecting organisations, such as:
Third-party risk
One of the biggest challenges for perimeter security is third-party risk. This risk arises when external organisations, such as suppliers, partners or contractors, have access, for operational reasons, to a company's internal network. Third parties are a weak point in perimeter security as they often have different security standards and policies than the host organisation, which can lead to vulnerabilities. Cybercriminals can use these third-party vulnerabilities as a gateway to access the internal network. For example, a vendor's compromised credentials can be used to launch an attack. In addition, third-party management is complex and difficult to monitor. Organisations often have multiple vendors and partners, which increases the attack surface. The lack of visibility into, and control over, the current cybersecurity posture of these third parties ends up becoming an organisational vulnerability. Access our publication→ Third-party risk for organisations.
Complexity of IT systems
The complexity of IT systems is another important limitation of perimeter security. Modern IT systems are composed of a multitude of interconnected components, such as servers, network devices, applications and databases. This interconnectedness creates a large and difficult to protect attack surface. One of the challenges of complexity is managing multiple technologies and platforms. Each component may have its own vulnerabilities and require different security measures. In addition, integrating legacy systems with new technologies can lead to incompatibilities and security gaps. Complexity also makes visibility and control difficult. With so many and varied components and connections, it is difficult to have a complete view of the network and to detect suspicious activities. A relevant aspect of this complexity is patch and update management. Keeping all components up to date and protected against known vulnerabilities becomes an arduous task. Lack of updates leaves open doors for attackers.
Sophistication of cyber-attacks
Attackers are using increasingly advanced and complex techniques to evade traditional defences and penetrate corporate networks.
One of the key factors is the use of automated tools and artificial intelligence by attackers. These tools can scan networks for vulnerabilities, launch coordinated attacks and adapt in real time to the defences in place. The proliferation of zero-day attacks, which exploit software vulnerabilities that are not yet publicly known, is another factor. These attacks are difficult to detect and mitigate, as there are no patches available for the exploited vulnerabilities. In addition, attackers are employing more elaborate social engineering techniques to trick users into granting access to sensitive information. In this respect, people are the weakest link in an organisation's cyber security chain. When an attacker manages to trick a user into handing over his or her own credentials, for example, there is no perimeter security system capable of preventing the intrusion. Read our publication→ How to protect yourself amid a wave of cyber attacks on businesses.
Cost of perimeter armouring
The high cost of perimeter armour is a significant constraint to its proper design. Implementing and maintaining perimeter security measures is extremely costly, especially for organisations with large and complex networks. These costs include the acquisition of security hardware and software, the hiring of specialised personnel, and regular security audits and assessments. One of the most significant challenges is that threats are constantly evolving, requiring continuous upgrades and enhancements to perimeter defences. This can result in a never-ending cycle of expense, as organisations must constantly invest in new technologies and solutions to keep up with the latest threats. Furthermore, the cost of perimeter security is not just limited to the purchase of equipment and software. It also includes the time and resources required to manage and maintain these solutions. Staff training, implementation of security policies and incident response also contribute to the total cost.
Extended cyber security as an enhancement to perimeter cyber security
External perimeter security in organisational cyber security, also known as extended perimeter security, is a strategy that goes beyond traditional defences to protect digital assets in an increasingly interconnected environment. This strategy recognises that threats can originate both inside and outside the corporate network and seeks to nullify or proactively mitigate risks before they reach the corporate perimeter security barrier.

One of the key benefits of extended cyber security is the ability to monitor and protect external access points, such as VPN connections and mobile devices. This is especially important in a world where remote working and mobility are increasingly common. Extended cyber security also includes the protection of cloud services. With the increased use of cloud-based applications and services, it is crucial to ensure that these environments are protected against unauthorised access and vulnerabilities. This can be achieved by implementing robust access controls, data encryption and continuous monitoring of cloud activity.

Among all the advantages of extended cyber security is the ability to detect ongoing threats at the external perimeter of the organisation in an automated, continuous and real-time manner through Cyber Intelligence solutions. Within these solutions, the most evolved ones also include third-party risk management. Cyber Intelligence solutions use advanced technologies, such as artificial intelligence and machine learning, to monitor the web, deep web, dark web and social networks for leaked corporate information, open breaches and exposed vulnerabilities, and to analyse large volumes of data. This enables a fast and effective response to security incidents, nullifying or minimising the potential impact on the organisation's systems.
Extend your corporate perimeter cyber security strategy with Kartos by Enthec
Kartos XTI Watchbots is the Cyber Intelligence platform developed by Enthec to extend the security perimeter controlled by organizations.
By simply entering the organization's domain, Kartos provides real-time information on exposed vulnerabilities and open breaches in nine threat categories outside its IT perimeter.
In addition, Kartos by Enthec allows organizations to continuously and automatically control third-party risk, providing real-time data.
If you want to learn more about extended cybersecurity, download our whitepaper, Extended Cybersecurity: When Strategy Builds the Concept.
Contact us for more information on how Kartos can extend your organization's perimeter security strategy.