From the course: Cybersecurity Foundations

Phishing and watering holes

- [Instructor] As the security of the operating application surface improved, direct penetration of a target became more difficult. Consequently, cyber criminals looked for other ways to get malware into their target. On a workstation, the weakest link, of course, is the person using the computer, and so we become the target.

The first approach taken by attackers to exploit the user is what's called phishing. This involves sending an email with a malicious attachment or a link to a malicious site to a lot of users, hoping that at least one will take the bait and open the attachment or click on the link. At this point, the malware downloads into the target system and begins executing.

A phishing email will do as much as possible to entice its recipient to open its malicious attachment or to click on the link. In the early days, this might have been a rather crude appeal to greed by suggesting the recipient had won a lottery they hadn't entered. But nowadays, the better phishing attacks are much more sophisticated. The email may pretend to have an up-to-date analysis of a current news topic. It may look like an official bank email asking you, ironically, to check your security or account settings. It may look like a postal email advising you a parcel is ready for pickup. Attachments are always suspicious, and hovering over a supposed government hyperlink to find it links to GF65mmjy.com is a sure giveaway.

Sometimes phishing attacks aren't carried out by sending email to a large recipient list but are designed to trap a specific person. These are referred to as spear phishing emails. In this case, the attacker will have spent a fair bit of time researching the target and will craft an email which may purport to come from a colleague inside the business and use common business terminology. These are not necessarily harder to detect as phishing emails, but they are designed to have the recipient let down their guard.

Consider your own email over the last week or month. Have you received a phishing email? What did you do? Did you open it or just delete it? Was it fairly crude or did it look quite convincing? Many phishing emails these days can be quite sophisticated and difficult to detect as traps.

Some special forms of phishing campaigns have been seen. Some phishing campaigns target mobile users while others target users of voice over IP services, an attack also known as vishing. Phishing attacks, like any cyber attack, can be costly. Between 2013 and 2015, cyber attackers scammed over a hundred million dollars out of Facebook and Google by asking for it through phishing emails.

Waterholes are another type of attack focused on the user. In this attack, a website which focuses on a specific set of users, doctors, for instance, is compromised. The site is typically one commonly used by the group and when they subsequently visit it, their malware is downloaded. The attacker hopes that the user will do this on their business computer, hence enabling access to their organization. In 2020, Kaspersky discovered a waterhole attack targeting religious charities. The campaign was named Holy Water and worked by tricking visitors into downloading an Adobe update which contained the malware. The attackers have yet to be identified.

A good example of how an event can trigger phishing attacks is the 2022 FIFA World Cup where phishing attacks targeting the Middle East doubled in the lead-up to the event. Many of the emails look like they were from the FIFA help desk, as we can see here. The goal of these phishing attacks included financial fraud, gaining credentials, stealing information, and surveillance. Many of the emails focused on betting on the World Cup, enabling the attackers to gain credentials which they could reuse.
