Phishing is a form of online identity theft in which fraudsters trick Internet users into submitting personal information to illegitimate web sites.
The word ‘phishing’ is a neologism coined as a homophone of ‘fishing’, because the attacker dangles fake bait in an attempt to catch a victim (and hence the picture I have used in this post).
Phishing scams usually arrive as spam or pop-ups and are often difficult to detect. Once the fraudsters obtain your personal information, they can use it for all types of identity theft, putting your good credit and good name at risk. One of the most widely used phishing techniques is email spoofing: the attacker sends a legitimate-looking email to the victim, typically carrying links to websites that are malicious or under the attacker's control. Email is also one of the most widely used delivery mechanisms by which an attacker delivers the attack payload or the exploit itself. (I shall talk about Delivery mechanisms and the larger Cyber Kill Chain Concept in a later post).
These emails can also carry attachments such as Word documents, spreadsheets and PDF files. Embedding objects within these attachments is one of the easiest ways of delivering a payload, because embedding objects is something IT professionals also do frequently for legitimate reasons, so a document with an embedded object does not look out of place. Attackers leverage exactly that to their advantage.
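The two points above, a spoofed-looking sender and an attachment that hides its payload in an embedded object, are what a mail gateway or an analyst triaging a suspicious message would check first. The following Python example is added here; it is not code from this post or from FireEye. It builds a constructed phishing message (the addresses, the .docx container and the fake .exe are all made up for the demo; the Return-Path header is set by hand, whereas in real mail the receiving server adds it), then flags a mismatch between the visible From: domain and the Return-Path/Reply-To domains, and inspects each attachment for an executable, for embedded OLE objects (stored under word/embeddings/ in Office Open XML files) and for a VBA project (word/vbaProject.bin). The domain-mismatch check is a heuristic, not SPF/DKIM/DMARC validation.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions a mail/web content filter would block outright (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd",
                         ".ps1", ".hta", ".jar", ".msi"}
# Office Open XML containers that may carry embedded objects or VBA.
OFFICE_EXTENSIONS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file signature


def build_docx(embed_ole=True, with_macros=False):
    """Build a minimal OOXML zip (not an openable document) for the demo.

    Real Word files store inserted objects under word/embeddings/ and VBA
    code in word/vbaProject.bin; only those paths are mimicked here.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if embed_ole:
            z.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 8)
        if with_macros:
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def build_sample_email():
    """Constructed phishing message: lookalike sender, lure text, two attachments."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "IT Helpdesk <helpdesk@example.com>"
    msg["Return-Path"] = "<bounce@mail-example.net>"   # envelope sender differs
    msg["Reply-To"] = "support@example-it.net"         # replies go elsewhere
    msg["To"] = "user@example.com"
    msg["Subject"] = "Updated expense form"
    msg.set_content("Open the attached form and double-click the icon inside.")
    msg.add_attachment(
        build_docx(), maintype="application",
        subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
        filename="expense_form.docx")
    msg.add_attachment(b"MZ" + b"\x00" * 14, maintype="application",
                       subtype="octet-stream", filename="form_helper.exe")
    return msg.as_bytes()


def sender_domain(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def inspect_office_document(data):
    """List embedded objects and detect a VBA project inside an OOXML container."""
    findings = {"embedded_objects": [], "has_macros": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                lower = name.lower()
                if "/embeddings/" in lower:
                    findings["embedded_objects"].append(name)
                if lower.endswith("vbaproject.bin"):
                    findings["has_macros"] = True
    except zipfile.BadZipFile:
        pass  # not an OOXML file; nothing to report
    return findings


def analyse_email(raw_bytes):
    """Return header mismatches and per-attachment verdicts for one message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    report = {"header_mismatch": [], "attachments": []}
    from_domain = sender_domain(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        domain = sender_domain(msg[header])
        if domain and domain != from_domain:
            report["header_mismatch"].append((header, domain))
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = os.path.splitext(filename)[1].lower()
        data = part.get_payload(decode=True) or b""
        verdicts = []
        if ext in EXECUTABLE_EXTENSIONS or data.startswith(b"MZ"):
            verdicts.append("executable")
        if ext in OFFICE_EXTENSIONS or data.startswith(b"PK"):
            doc = inspect_office_document(data)
            if doc["embedded_objects"]:
                verdicts.append("embedded_object")
            if doc["has_macros"]:
                verdicts.append("macros")
        report["attachments"].append({"filename": filename, "verdicts": verdicts})
    return report


if __name__ == "__main__":
    print(analyse_email(build_sample_email()))
```

Run it as a script to see the report for the constructed message: both Return-Path and Reply-To are flagged, the .docx is reported as carrying an embedded object, and the .exe as an executable. In production the domain comparison would be replaced by (or combined with) the gateway's SPF/DKIM/DMARC results, since legitimate bulk senders also use a Return-Path domain that differs from From:, and an embedded-object hit is a reason to inspect the object, not proof of malice, for exactly the "gray area" reason FireEye describes.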
As Amanda Stewart of FireEye says in her recent post on the company's blog:
Phishing emails are one of the most common delivery mechanisms for malware authors. The attachments in those phishing emails have a variety of payloads. Well-known delivery methods include: exploiting vulnerabilities in the document program (e.g., doc, xls, rtf), using macros, or embedding user-clickable objects that drop payloads. Out of all these methods, embedding objects in the document is considered a “gray area” because both IT professionals and malware authors use this technique.
In the post she also goes into detail on the dos and don'ts of embedding objects within documents:
- If you must send someone an installation executable or even a form helper program, compress the executable in a password protected ZIP file, where the password is not easily guessable. Using a standardized strong password limits access to users or employees that need to access the program.
- Educate your employees to not click on objects in documents without first confirming the source email address.
- Enforce content filtering on web and email to prevent employees receiving executable files from the internet.
- Remove admin/local admin privileges to prevent employees installing new and unknown software onto devices.
- Consider Advanced Threat Prevention technologies that can examine emails for sophisticated multi-stage droppers that evade detection of all email security gateways today.
Here is the link to her post; a must-read for IT admins, and also for security analysts and incident responders: https://www.fireeye.com/blog/threat-research/2015/04/dos_and_don_ts_with.html
Picture courtesy: http://www.cyberoam.com