Phishing Attacks – It is in the numbers. (pt 6)

I think we have established two key points in previous articles in this Back-to-Basics, Email Phishing Primer:

1 – Threat actors’ primary motivation for sending out phishing emails is financial.

2 – One of the best tactics any organisation can use to defend against phishing attacks is cyber security awareness training – also known as “spidey sense”.

Phishing – Threat actors don’t care who!

If you get a phishing email, most times you are not special – sorry. Previously we have looked at some of the major types of email phishing attacks, some of which can be targeted at specific people, and these can be some of the most devastating phishing attacks if successful – but generally, you are not special.

For a successful email phishing campaign, the threat actors will automatically generate and send out millions of malicious phishing emails, using email lists, probably purchased on the Dark Web. A recent attack that aimed to spread ransomware included subject lines “your document” and “photo of you???”, sent from the innocent-sounding “Jenny Brown” or “Jenny Green”. If you open the attached .zip file the attack chain activates and executes the malicious payload. Millions of these phishing emails were sent out – however, your and our email protection software probably filtered out many such emails, stopping them reaching you at your desk. (Gatlan, 2024)

Why millions?

It is a numbers game. The threat actors are looking for a member of staff who is under stress and having a bad day, who will open an email with a convincing subject line. They are looking for a new member of your team or the senior manager who had a “good excuse”, neither of whom have been on the Cyber Security Awareness Training. They hope the email lands with Jenny Green’s girlfriend, who wonders exactly what pictures she has sent her! I could go on, but you get the idea. Millions for the few who will click.

Make sure it is not a member of your team that clicks when they should delete.

Clive Catton MSc (Cyber Security) – by-line and other articles

Cyber Security Awareness Training

References

Gatlan, S. (2024). Botnet sent millions of emails in LockBit Black ransomware campaign. BleepingComputer. https://www.bleepingcomputer.com/news/security/botnet-sent-millions-of-emails-in-lockbit-black-ransomware-campaign

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Phishing – Threat actors don’t care who!

Why millions?

References

Further Reading