Introduction to Phishing

A type of attack which is aimed for stealing personal data of the user in general by clicking on malicious links to the users via email or running malicious files on their computer.

Phishing attacks correspond to the “Delivery” phase in the Cyber Kill Chain model created to analyze cyber-attacks. The delivery stage is the step where the attacker transmits the previously prepared harmful content to the victim’s system.

Phases of the Intrusion Kill Chain -

1- Reconnaissance — Research, identification, and selection of targets

2- Weaponization — Pairing remote access malware with exploit into a deliverable payload (e.g. Adobe PDF and Microsoft Office files)

3- Delivery — Transmission of weapon to target (e.g. via email attachments, websites or USB drives)

4- Exploitation — Once delivered, the weapon’s code is triggered, exploiting vulnerable applications or systems.

5- Installation — The weapon installs a backdoor on a target allowing persistent access.

6- Command and Control — Outside server communicates with the weapons providing “hands on keyboard access” inside the target’s network.

7- Actions on Objective — The attacker works to achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target.

The phishing attack is the most common attack vector for initial access. Of course, the only purpose of the attack is not to steal the user’s credentials.

The purpose is to exploit the human factor as it’s the weakest link in the chain. Attackers mostly use this attack as the first step to infiltrate the systems.