TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

Phishing: The Secret of Its Success and What You Can Do to Stop It

2017-11-16 · Read original ↗

ATT&CK techniques detected

9 predictions
T1566.002Spearphishing Link
98%
“phishing : the secret of its success and what you can do to stop it introduction phishing has proved so successful that it is now the number one attack vector. 1 the anti - phishing working group reports that in the first half of 2017 alone, more than 291, 000 unique phishing web…”
T1566.002Spearphishing Link
78%
“out my track time and cornering : http : / / vizodsite. com / istruper _ video _ 10 see you at next week ’ s autocross? bill as you might have guessed, this is a spear phishing email. download the full report now! in spear phishing, the attacker leverages gathered information to …”
T1589.002Email Addresses
76%
“isp rather than the actual organization. but, sometimes attackers get lucky. most of the time, they can uncover where sites are being hosted and gain some basic information about the company ’ s network configuration. in addition to the ip address information, every organization …”
T1589Gather Victim Identity Information
66%
“annual income, education, phone number, age range, and even racial profiling. here ’ s some typical information you can get from these kinds of sites : - home address - mobile phone number - home ( landline ) phone number - age - salary range - spouse and family - email address, …”
T1589Gather Victim Identity Information
58%
“. their first, key objective is to zero in on the correct person within the organization to accept the phishing “ hook. ” this means finding the names of persons through organizational data research. the attacker ’ s goal is to identify the people in key positions who have access…”
T1598Phishing for Information
42%
“low - risk stuff that can happen in secret from afar. but, as the great detective said, “ you know my method. it is founded upon the observation of trifles. ” 7 how attackers collect data about your employees we ’ ve seen an everyday example of how easily a competent corporate ex…”
T1591Gather Victim Org Information
39%
“web, as in this example : publicly traded companies have even more information available online from their sec filings. here is an excerpt from a recent 8 - k filing from f5 about our new corporate headquarters : many corporations that have been around for more than a few years h…”
T1589.002Email Addresses
35%
“boringaeroplanes. com from this, attackers have a number of ip addresses, and they know what software the mail server is running and how email flows out of the organization. how attackers pull it all together, and how you can fight back by now, it should be pretty evident why phi…”
T1598.003Spearphishing Link
32%
“. their first, key objective is to zero in on the correct person within the organization to accept the phishing “ hook. ” this means finding the names of persons through organizational data research. the attacker ’ s goal is to identify the people in key positions who have access…”

Summary

Learn about the tricks attackers use to dupe unsuspecting users and how you can help protect them—and your organization.