It may seem counter-intuitive to place the motives and methods of attackers on a pedestal, but there is immense value in doing so. Today’s threat landscape demands an ongoing role reversal; which is the ability and desire to emulate the thought process and real-world methodologies of attackers in order to gain visibility and an advantage over the countless “what-if” scenarios that we face.'The motives of an attacker will have a strong influence on the methods they employ to get what they want.' Click To Tweet
Visualizing what it is that an attacker wants is an important step because it provides us context into the motives portion of an attack. Many people still think that motives are purely financial or one-dimensional, but modern attacks are driven by a wide range of evolving motives. Let’s position our discussion around just a few of these:
- Obtain intellectual property or inside information
- Interrupt production or negatively impact customer interactions
- Make a “new friend” within an organization with ulterior motives
- Hijack resources to broadcast a political message or social stance to a large audience
- Collect technical profile details about an environment for collaboration and exploration for a future attack
The motives of an attacker will have a strong influence on the methods they employ to get what they want. The list of motives we visualize will often include more than a single item; so it comes as no surprise that the list of methods will constantly expand. It is important to note that the most persistent and effective attacks often employ multiple vectors or a mixture of methods to accomplish their goals. Let’s look at a short list of attacker methods, which is by no means all-inclusive, but represents a sampling of real-world attacker methods:
- Craft and register a reasonable domain name and combine it with a filter-friendly phishing e-mail to obtain access or information
- Utilize a portable media device containing attractive files to accelerate the pace of an attack
- Employ voice-based methods to generate revealing, “off the record” conversations with employees
- Study the surface of an organization to glean information about employee groups, promotions, and news items about the company
- Utilize direct SMS/text-based messaging to gain access to employees outside of standard perimeter detection
Strategically simulating “what if” scenarios generated from the attacker perspective provides a premium level of real-world visibility and objective evidence. This visibility can only be obtained through sustained studies of BOTH the motives and methods of attackers. When these scenarios go from concept to application through a sound, safe, and secure method of testing and measuring; we not only gain visibility into our people, process, and technology layers; we gain this visibility from The Attacker Perspective.
For more information on phishing and cyberfraud, visit our spear phishing blog here.
To further protect yourself from these attacks, invest in technologies specifically engineered to detect and prevent this type of attack. Barracuda Phishline shows your employees the latest attack techniques, which helps them recognize the subtle clues and help stop email fraud, data loss, and brand damage. Barracuda Sentinel protects companies from spear phishing and cyberfraud by stopping impersonation, domain spoofing, and hijacking. We offer free 30-day trials on both solutions so that you can test them risk-free in your own environment.
Dennis Dillman is the VP of Product Management for PhishLine at Barracuda Networks. In this role, he has been responsible for rollout of an entirely new training program for the PhishLine platform, and he has worked with Fortune 100 customers to design and improve their security awareness programs.