Quarterly: Summer 2020 - Timothy Neuman
Network Security: Spear Phishing for Information
Many people will tell you, “Don’t sacrifice flexibility for security.” However, for small IT shops, and the local government administrator in particular, that is what you need to do. Protection of a building is a lot easier if there is only one way in and one way out. The balance comes from responding to elected officials who want a “glass building” in the middle of a public park. While I am still not completely sure Microsoft should be congratulated, Microsoft has come a long way toward being able to offer a balanced security posture. This article will cover the history, threat, and possible solutions to the use of spear phishing attacks.
History of Phishing
In the beginning, Microsoft was not concerned about securing anything more than the entire computer marketplace. The default flexibility programmed into MS Office (Office) allowed bad actors the freedom to attack a network utilizing any Office product or website. MS Outlook was, by default, executing, downloading, and installing, then tracking, everything the user did or might even want to do. The security administrator had to take specific action, research, and enlist multiple electronic disciplines to get a reasonably secured environment.
Speed, processing power, and new exposures on the social network have further increased the amount of phishing, elevating this to a new level – spear phishing (Bienkiewicz 2019). Spear phishing means that the user's job, interests, or other more detailed data has been inserted into a standard phishing attack. This refinement is utilized by “… almost two-thirds (65 percent) of all known groups carrying out targeted cyber attacks” (Cook 2020). It is now time to have a similar single point of defense, like the Microsoft 365 Enterprise software suite.
Threat – COVID-19 Social Engineering
Phishing that utilizes COVID-19 as a lure is the latest in spear phishing. Bad actors are utilizing the “real” threat, and the distribution of information about it, to gain information from our users. For example:
An email is addressed specifically to a user’s account, with “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)” as the Subject line. The entire intent of the email is to have the user select the ‘hyperlink’ (blue characters) contained in or associated with this simple message. Once the link has been selected, the user is asked which city they wish to have information about, and the bad actor gains the inputted data.
What can be done to supplement the user training and notifications?
Firewalls. Firewalls are not new, but refining firewalls on a daily basis is not possible for most small IT or governmental IT departments. However, setting up a firewall means updating it on a regular basis. Network scanning is effective for detection after the compromise, and the more restrictive the controls, the more users will either go around them or find them too difficult to properly maintain. Spear phishing is built to get around all of these initial network protectors and into the inbox of each user.
Whatever solution your organization has adopted, ensure that the firewall product is being managed – updated and patched. Then, make sure the product is installed correctly and is functioning as you expect it to.
Spear phishing has become a major problem. The utilization of social networking to customize the email phishing threat must be combated. While evaluating which employees require email will help eliminate unnecessary email risk, updating and correctly configuring the spam filters, adding warning labels, and keeping firewalls and virus software updated will continue to help mitigate the risks of spear phishing. While the ease of social research and ability to quickly modify phishing emails must be controlled through the individual network users, keeping all the physical, logical, and software tools up-to-date and continuously configured will help mitigate this problem.
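One way to apply the warning-label mitigation to the lure email described above, as an added example (not code from the article or from any Microsoft product): a Python sketch that labels a message only when it comes from outside the organization, carries a pandemic-themed subject, and contains a hyperlink. The domain `example.gov`, the label wording, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.gov"  # assumption: the organization's own mail domain
WARNING = "[EXTERNAL: VERIFY BEFORE CLICKING] "  # assumption: label wording
# Lure terms drawn from the subject lines quoted in the article.
LURE_RE = re.compile(r"coronavirus|covid|2019-ncov", re.IGNORECASE)
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages (not real mail).
LURE_SAMPLE = (
    "From: City Health Desk <alerts@health-updates.example.net>\n"
    "To: clerk@example.gov\n"
    "Subject: 2019-nCov: Coronavirus outbreak in your city (Emergency)\n\n"
    "Select your city for local information: http://health-updates.example.net/city\n"
)
INTERNAL_SAMPLE = (
    "From: County Administrator <admin@example.gov>\n"
    "To: clerk@example.gov\n"
    "Subject: Coronavirus Update\n\n"
    "Offices remain closed to the public through Friday.\n"
)

def assess(raw):
    """Parse a raw message and list the reasons it deserves a warning label."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@" + INTERNAL_DOMAIN):
        reasons.append("external sender")
    if LURE_RE.search(msg.get("Subject", "")):
        reasons.append("pandemic-themed subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and LINK_RE.search(body.get_content()):
        reasons.append("contains hyperlink")
    return msg, reasons

def label(raw):
    """Return (subject, reasons); the subject is labelled only when all three signals hit."""
    msg, reasons = assess(raw)
    if len(reasons) == 3 and not msg["Subject"].startswith(WARNING):
        subject = str(msg["Subject"])
        del msg["Subject"]  # unique header: remove before re-adding
        msg["Subject"] = WARNING + subject
    return str(msg.get("Subject", "")), reasons

if __name__ == "__main__":
    for sample in (LURE_SAMPLE, INTERNAL_SAMPLE):
        print(label(sample))
```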
Bienkiewicz, David. 2019. "Spear Phishing: Targeted Attacks with Higher Success Rates." Compassitc. August 8. Accessed April 7, 2020.
About the Author
Timothy Neuman is a Certified Information Systems Auditor (CISA) and Certified Internal Auditor with over 20 years of Information Systems auditing and consulting experience. He holds a Master of Information Systems and Master of Arts in Teaching. As a Senior Governmental Auditor, and University Adjunct, he utilizes the latest information system tools to evaluate, analyze, and instruct the citizens in the Savannah, GA area.