Quarterly: Summer 2020 - Timothy Neuman

Network Security: Spear Phishing for Information

 


By Timothy Neuman

Many people will tell you, “Don’t sacrifice flexibility for security.” However, for small IT shops, and the local government administrator in particular, that is what you need to do. Protection of a building is a lot easier if there is only one way in and one way out. The balance comes from responding to elected officials who want a “glass building” in the middle of a public park. While I am still not completely sure Microsoft should be congratulated, Microsoft has come a long way toward being able to offer a balanced security posture. This article will cover the history, threat, and possible solutions to the use of spear phishing attacks.

History of Phishing


In the beginning, Microsoft was not concerned about securing anything more than the entire computer marketplace. The default flexibility programmed into MS Office (Office) allowed bad actors the freedom to attack a network utilizing any Office product or website. MS Outlook was, by default, executing, downloading, and installing, then tracking everything the user did or might even want to do. The security administrator had to take specific action, do research, and enlist multiple electronic disciplines to get a reasonably secured environment.

Balancing user needs, the administrator was still required to provide for the portability and compatibility between a Word document, Excel spreadsheet, and PowerPoint presentation, in order to allow every user to make very professional documents. Administrators made the security of the network reliant on the user. This solution resulted in the proliferation of attacks based on user selection, which has created the number one problem: phishing attacks.

Spear Phishing


Speed, processing power, and new exposures on social networks have further increased the amount of phishing, elevating this to a new level: spear phishing (Bienkiewicz 2019). Spear phishing means that the user’s job, interests, or other more detailed data has been inserted into a standard phishing attack. This refinement is utilized by “… almost two-thirds (65 percent) of all known groups carrying out targeted cyber attacks” (Cook 2020). It is now time to have a similar single point of defense like the Microsoft 365 Enterprise software suite.

The size of the company doesn’t matter. Social engineering and limited defense resources have resulted in the following statistics: small organizations (under 250 employees) average 323 emails (over 1 email per person), while large organizations (1001 to 1500 employees) average 823 malicious emails (about half of the employees) (Gindi 2020).

Threat – COVID-19 Social Engineering


Phishing that utilizes COVID-19 as a lure is the latest form of spear phishing. Bad actors are utilizing the “real” threat and information distribution to gain information from our users. For example:

An email is addressed specifically to a user’s account, with “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)” as the Subject line. The entire intent of the email is to have the user select the ‘hyperlink’ (blue characters) contained in / associated with this simple message. Once the link has been selected, information is requested about the city for which the user wishes to have information… the bad actor gains the inputted data.

What can be done to supplement the user training and notifications?

Safeguards


Firewalls. Firewalls are not new, but refining firewalls on a daily basis is not possible for most small IT or governmental IT departments. However, setting up a firewall means updating it on a regular basis. Network scanning is effective for detection after the compromise, and the more restrictive the controls are, the more users will either go around them or find them too difficult to properly maintain. Spear phishing is built to get around all of these initial network protectors and into the inbox of each user.

  • Windows Defender is built into the Windows 10 operating system. Turning the Windows Defender on does not hurt any other Firewall or defensive measure. Therefore, I would recommend utilizing it.
  • McAfee Total Protection and Norton 360 both include firewalls with their antivirus software solutions. These firewalls are kept up-to-date and are patched regularly.

Whatever solution your organization has adopted, ensure that the Firewall product is being managed – updated and patched. Then, make sure the product is installed correctly and is functioning as you expect it to.

Spam Filters. A spam filter is a program that identifies “problematic” words and then risk ranks each email received. Filters are better than network security devices or detectors; however, updating and consistent usage is reliant on word lists. Based upon the level of risk associated with each word grouping, a warning or quarantining of the communication is performed. This listing must be continuously updated to ensure “newly identified combinations” can remain identified. You can change the level.


User warning labels. The most recent versions of Outlook 365 and Windows 365 Enterprise have significantly improved safeguards, including the ability to automate the production of a warning label that indicates when an email originated outside of the home network with Microsoft Defender Advanced Threat Protection (Gindi 2020).
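The two safeguards above (word-list risk ranking with warn and quarantine levels, and an external-origin label) can be sketched together; this is an added example, not code from the article or from any Microsoft product. The home domain, word groups, weights, thresholds, and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

HOME_DOMAIN = "cityhall.example"  # assumption: the organization's own mail domain
# Constructed word groups and weights; a real list needs continuous updating.
WORD_GROUPS = {
    ("coronavirus", "outbreak"): 4,
    ("2019-ncov",): 3,
    ("coronavirus",): 2,
    ("emergency",): 2,
    ("update",): 1,
}
WARN_AT, QUARANTINE_AT = 3, 6  # adjustable levels (assumed values)

def risk_score(text):
    """Sum the weight of every word group whose words all appear in the text."""
    words = set(re.findall(r"[a-z0-9-]+", text.lower()))
    return sum(w for group, w in WORD_GROUPS.items() if words.issuperset(group))

def is_external(msg):
    """From is sender-controlled; a real gateway also checks the delivery path."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() != HOME_DOMAIN

def triage(raw):
    """Return (action, subject), with an [EXTERNAL] label prepended when needed."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""
    score = risk_score(subject + " " + body)
    action = ("quarantine" if score >= QUARANTINE_AT
              else "warn" if score >= WARN_AT else "deliver")
    if is_external(msg):
        subject = "[EXTERNAL] " + subject
    return action, subject

# Constructed sample messages; the first two use the subject lines quoted above.
SAMPLES = [
    "From: alerts@health-notice.example\nSubject: 2019-nCov: Coronavirus outbreak in your city (Emergency)\n\nSelect the link for your city.",
    "From: alerts@health-notice.example\nSubject: Coronavirus Update\n\nSelect the link.",
    "From: clerk@cityhall.example\nSubject: Council agenda\n\nAttached.",
    "From: hr@payroll-portal.example\nSubject: Your parking permit renewal\n\nConfirm your details.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The last sample contains none of the listed words, so the filter delivers it, but it still carries the external label; this is why the word list must be kept current and why the label is worth having alongside it.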

Externally host the email. Let another company, like Microsoft, host the company email, and then protect the network by only allowing the internet connection. Then, encourage your users to log in to your email from a web address. Finally, the ultimate restriction for phishing is to have no individual company email accounts. Why do all employees need an internet mail account? Then, just as some employees do not need email, new tools (like Skype for Business and Microsoft Teams) can be utilized instead of email. Just because you are an employee does not give you a business reason to have an individual email account.

Summary


Spear phishing has become a major problem. The utilization of social networking to customize the email phishing threat must be combated. While evaluating which employees require email will help eliminate unnecessary email risk, updating and correctly configuring the spam filters, adding warning labels, and keeping firewalls and virus software updated will continue to help mitigate the risks of spear phishing. While the ease of social research and ability to quickly modify phishing emails must be controlled through the individual network users, keeping all the physical, logical, and software tools up-to-date and continuously configured will help mitigate this problem.

References


Bienkiewicz, David. 2019. "Spear Phishing: Targeted Attacks with Higher Success Rates." Compassitc. August 8. Accessed April 7, 2020. 

Cook, Sam. 2020. "Phishing Statistics and Facts for 2019-2020." Comparitech. February 7. Accessed April 7, 2020. 

Gindi, Moti. 2020. "Forrester names Microsoft a Leader in 2020 Enterprise Detection and Response Wave." Microsoft. March 18. Accessed April 7, 2020. 

About the Author


Timothy Neuman is a Certified Information Systems Auditor (CISA) and Certified Internal Auditor with over 20 years of Information Systems auditing and consulting experience. He holds a Master of Information Systems and Master of Arts in Teaching. As a Senior Governmental Auditor, and University Adjunct, he utilizes the latest information system tools to evaluate, analyze, and instruct the citizens in the Savannah, GA area.