Anatomy of Attack – Attack Vectors

Anatomy of Attack – Attack Vectors

Trent: Hi there welcome back to TechScoop, thanks for joining us now today I am joined by a very very special guest, Ryan Economos from Mimecast. Thanks for joining me Ryan.

Ryan: thanks Trent, good to be here.

Trent: Now can you just tell us a little bit about Mimecast and what you guys get up to over there?

Ryan: Yeah, absolutely so Mimecast is a vendor that focuses on resiliency for email, which is all around providing protection at the gateway, but also ensuring that you’ve got durability of your system so you can continue to operate in the event of unexpected downtime and you’ve got a platform to automate recovery and that’s really important because today email remains the #1 attack vector with over 91% of attacks starting with email.

Trent: So, what I want to talk about today is the anatomy of an attack. Now when you said that email is one of the primary attack vectors or the main one can you break that up into further attack vectors so we can understand it a little bit more.

Ryan: Sure, there’s a lot of attack vectors out there but I generally break them down into two key categories. One’s the shotgun approach to phishing or attacks, where an attacker has a large degree of anonymity they don’t particularly care about targeting any one individual. They just want to spread the attack as wide as possible, so it’s very much that shotgun approach. Some of the common examples may include the likes of your postal tracking emails where it provokes you to click on a link. Or an overdue amount on your electricity bills they typically use emotive or language that generates a sense of urgency which promotes a click on that link.

Trent: The opposite of that I suppose

Ryan: Of course, and there was two so we definitely need to go through the second one. The second one very much focuses on the more sniper rifle approach to phishing where it’s far more targeted, the attacker will spend a lot more time investigating who it is they’re going to attack as well as who are they going to potentially impersonate. Generally you want to make sure that this is as targeted as possible and the best way to get an action out of an employee is to impersonate someone with a high degree of seniority within a business. Think along the lines of your CEO, your CFO we’re seeing impersonation attacks asking for money to be transferred or it might be looking for intellectual property about the organisation to be disclosed. We’ve even started to see that evolve now to not just be impersonation of internal people, but impersonation of contractors that an organisation works with. So again that sort of evolution.

Trent: So the main difference that I’m getting is that the shotgun approach is just for everyone. They’re using that type of language to evoke emotions and get someone to click, download something, take some kind of action where as the sniper rifle approach is very targeted towards an individual. So the language would be completely different. It would try and mimic someone, like a CEO or someone of seniority.

Ryan: Correct

Trent: Thanks for that Ryan really appreciate it, I appreciate your time. Now next time I just want to talk about the actual process of how an attack unfolds. So from this shotgun sniper rifle into next steps of what’s going on.

Thanks for watching.