Protection of external information perimeter of organization from spear phishing

• Main Authors: Sergey I. Zhurin, Dmitry E. Komarkov
• Format: Article
• Language: English
• Published: Moscow Engineering Physics Institute 2018-12-01
• Series: Bezopasnostʹ Informacionnyh Tehnologij
• Subjects: APT, phishing, spearphishing, social engineering, software implementation.
• Online Access: https://bit.mephi.ru/index.php/bit/article/view/1164

Spear phishing is one of the social engineering techniques. In case of spear phishing the email text is compiled taking into account the knowledge about a particular company and rather often about the employee using sociology and psychology in such a way that cause the desire to open the attached file or to click on the link. The main difficulty of protection against such e-mails is that the methods of automated analysis do not guarantee its detection, as modern cyber criminals use new text formulations, zero-day vulnerabilities, as well as automation tools to inject exploits into files, which reduces the effectiveness of signature analysis of anti-virus programs. Each of the existing detection technologies alone does not provide protection against spear phishing. However, the combination of technologies (spam filtering, firewalls, anti-viruses), with the mandatory organizational measures, including training and testing of personnel, allows to protect the external information perimeter of the company from the spear phishing. The paper presents a detailed analysis of the technology of spear phishing implemented by two typical methods: the launch of the exploit when clicking on the link and when one runs an executable file. An overview of the vulnerability used in 2016-2017 for the attacks is presented. Modern technologies of protection and their comparative analysis are given. It is noted that each of the technologies used separately does not allow an effective protection against spear phishing. On the basis of comparative analysis and analysis of modern information threats the most effective modern methods of protection are proposed.