How Digital Footprint is Used for Targeting & Phishing

The Correlation of Oversharing on Social Media and Phishing Attacks

Attackers use online footprints to develop targeting profiles of executives and other employees based on open-source data. From social media to data scraping aggregators, personal information is available to virtually anyone in the world for minimal cost. And people today have developed a tendency to advertise voluntarily massive amounts of information about themselves on social media with the goal of making themselves more accessible to those around them.

However, using social media, an attacker can often draw a fairly concise picture of an individual, determining relationships and preferences, as well as rudimentary organization charts, enumerating which managers report to which executives, as well as who might report to the managers, and so on down the chain. If the attacker can find (or simply guess) a sample email address from the company, he or she can then launch an impersonation campaign with the goal of extracting sensitive data. Everything you say and share will be used against you.

The Same Information is Used for Different Cyber Attacks

Spear phishing

Spear phishing is the act of targeting specific employees with the goal of either extracting information or enabling an entry point into the network through that employee’s device. The attacker will often employ the tried and true technique of impersonating a coworker (both more senior and less) or personal acquaintance in order to catch the victim off guard and lower their inhibitions into clicking something unknown.

However, if one technique doesn’t work, the attacker will switch to another. In fact, attackers will often employ multiple techniques concurrently and in tandem with one another in the hope that at least one of them works. Since any single attack vector in social engineering stands a relatively low chance of succeeding, employing multiple attack vectors simultaneously against multiple targets allows an attacker not only an increased possibility of success, but also allows him or her to incrementally gain information that he or she can then use against other targets.

For example, if an attacker identifies both an executive and a department head who sits in a different location, the attacker may send an email to that manager with a task or request and then, upon learning the reply, use that information in an email directly against the executive.

Whaling

Whaling, on the other hand, directly targets senior leadership. The attacker may impersonate a lower-level employee, trusted assistant, or even personal acquaintance, in order to gain access to the leader’s device in order to extract information, implant spyware, or establish a backdoor through which he or she can then compromise larger sections of the network.

Aside from whaling, senior leadership who maintain robust digital footprints also expose themselves to myriad other threats, namely extortion and blackmail. Savvy attackers can easily deduce important personal information from an individual even if that individual only maintains a modicum of online presence, much less a robust online profile.

Use Security Intelligence and OSINT to Defend Against Phishing Attacks

How does an organization protect itself against these phishing attacks?

The most common belief to mitigating phishing is deploying some tool that detects and blocks phishing emails and URLS. This couldn’t be further from the truth. The first line of defense is simply knowing what information an attacker may find, as well as what the attacker may be able to glean from that information. For instance, general job titles for several members of an organization can tell an attacker who does what, but specific job titles for those same individuals can often assist the attacker in identifying each individual’s seniority, as well as who reports to whom.

Once this information is identified, the organization can determine if such information is benign or should be removed or altered. Remember, a targeted attack is only as good as the intelligence acquired to drive the attack. While the job histories of two executives may be perfectly benign, a photo of their children playing on the same school’s sport teams posted to a linked spouse’s account can potentially tell an attacker many things about both individuals and open the door to highly devastating attacks. Overshared information can provide just enough context in a campaign to make the attack more believable. Without over shared information in hand, an attacker can make a critical mistake that can trip warning signals.

Using DigitalStakeout Scout a security team should identify the digital footprints of both the organization and its personnel to quickly establish a baseline awareness of what opportunity space an attacker has. With brand intelligence, your team will know where your brand is present online. With vulnerability intelligence, you’ll know what new exploits are being used to attack your personnel and technology. When breaking events and cyber attacks impact your industry, you’ll have the event intelligence to immediately detect and respond to threats.