Cybersecurity firm Symantec released a report on Dragonfly 2.0 in September 2017. Dragonfly is a group of cyber attackers that has been in operation since 2011; the Dragonfly 2.0 campaign started in late 2015 and attacks power systems, resulting in disruptions to Ukraine’s power system in 2015 and 2016. In several other cases, including in the U.S., hackers gained access to the target companies’ networks.
While cyber threat actors use many methods to gain information that helps them break into networks, spear phishing, or phishing, is one that targets all of an organization’s employees. Any individual could supply information that could compromise a network’s security.
What is Spear Phishing?
You’ve probably received an email that doesn’t look quite right. Maybe it looked like it was coming from an organization you know, but the logo and email domain were off. Or maybe it contained instructions for action you needed to take – but you didn’t recognize the sender.
Spear phishing is a cyber attack method used to compromise systems and networks and gather information using social engineering techniques. A phishing email is designed to prompt a response from the recipient, such as clicking on a link or opening an attachment. Through the response, the recipient may download malware or be redirected to a website prompting them to provide sensitive information, such as login credentials, that will be sent to the cyber threat actors.
Spear Phishing Defense
It’s important to train employees to recognize suspicious emails and handle them appropriately:
- Hover over links to make sure the true destination matches what appears in the email and that it appears to match the organization’s URL structure
- Never reveal personal or financial information in response to an email; better yet, don’t respond to any email that looks suspicious
The IT department should also use filtering, blocking, and validation techniques to prevent emails with known phishing indicators from reaching employees in the first place.
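The hover check from the list above can also be run automatically before mail reaches an inbox. The Python sketch below is an added example, not part of the original article or of any CIS tooling; the example.org and example.net names, the sample message and the function names are constructed for illustration, and hosts are compared by exact name rather than by registrable domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; example.org stands in for the organization's domain.
SAMPLE = """
<p>Mailbox full: <a href="http://portal.example.net/login">https://mail.example.org/quota</a></p>
<p><a href="https://example.org.account-check.example.net/reset">Reset your password</a></p>
<p><a href="https://www.example.org/help">www.example.org/help</a></p>
"""

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Hostname of a URL (lower-cased by urlsplit), tolerating a missing scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").removeprefix("www.")

# Text that itself looks like a URL or domain name.
_DOMAIN = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}[^\s]*", re.I)

def check_links(html, org_domains):
    """Return (href, shown text, reason) for each suspicious link."""
    parser = _Anchors()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = _host(href)
        shown = _DOMAIN.search(text)
        trusted = any(target == d or target.endswith("." + d) for d in org_domains)
        if shown and _host(shown.group()) != target:
            findings.append((href, text, "displayed URL differs from destination"))
        elif not trusted and any(d in target for d in org_domains):
            findings.append((href, text, "organization name inside foreign host"))
    return findings
```

Calling `check_links(SAMPLE, ["example.org"])` flags the first two links and passes the third, whose displayed address and destination agree.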
Even so, it’s possible that cyber threat actors could start to collect information that will enable them to disrupt a system in the future. They continue to build their knowledge with every piece of data that they gain from an attack.
Network monitoring is a process used to identify and report slow or failing components that may cause outages or other problems. CIS’ Albert is one network monitoring solution that provides automated alerts on both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk.
How it works:
- A sensor (or sensors) is placed on the organization’s network
- Data anomalies are reviewed for malicious activity or data exfiltration
- CIS’ 24/7 Security Operations Center will notify the organization of any and all threats detected on the network.
Albert network monitoring is available for U.S. state, local, tribal, and territorial entities including publicly owned power utilities.