Wednesday, May 18, 2005

Know Your Enemy: Phishing

Lance Spitzner dropped me a line last night to notify me of their latest paper, "Know Your Enemy: Phishing; Behind the Scenes of Phishing Attacks", which he, and the other fine folks over at the Honeynet Project and Research Alliance, just published. It's definitely worth a read.

Lance explains, "What makes this paper new/different is that it focuses on behind the scenes of how attackers build, use and maintain their infrastructure of hacked systems. It's based on data collected in the UK and Germany, and is similar in technical detail to our previous Botnet paper."

A brief excerpt:

Phishing is the practice of sending out fake emails, or spam, written to appear as if they have been sent by banks or other reputable organisations, with the intent of luring the recipient into revealing sensitive information such as usernames, passwords, account IDs, ATM PINs or credit card details. Typically, phishing attacks will direct the recipient to a web page designed to mimic a target organisation's own visual identity and to harvest the user's personal information, often leaving the victim unaware of the attack. Obtaining this type of personal data is attractive to blackhats because it allows an attacker to impersonate their victims and make fraudulent financial transactions. Victims often suffer significant financial losses or have their entire identity stolen, usually for criminal purposes. This KYE white paper aims to provide practical information on the practice of phishing and draws on data collected by the German Honeynet Project and UK Honeynet Project. This paper focuses on real world incidents that the Honeynet Project has observed in the wild, but does not cover all possible phishing methods or techniques. Attackers are constantly innovating and advancing, and there are likely to be new phishing techniques already under development or in use today.

Thanks, Lance!
