Spear-phishing attack

Prasan singh
4 min read · Oct 14, 2021

Target: ABC Construction company

Threat Actor: A rival construction company (Construction Tech)

Scenario: ABC Construction is in a highly competitive bid against other companies located in the southwestern United States. The project covers school buildings ranging from elementary schools to high schools and runs for ten years. During those ten years, the winning company is awarded every job that comes up without having to bid for it. Millions of dollars are at stake, so everyone bidding has a deep desire to win. After months of review, ABC Construction is awarded the ten-year contract. One company in particular, Construction Tech, is not happy with the results; after the contract is awarded, they file multiple protests, but all of them fail. ABC Construction will be given its first school within the coming weeks. The owner of Construction Tech is still not happy with the outcome and looks for a way to harm ABC Construction in any way possible. The owner eventually finds hackers on the internet and pays them for malicious services. The hackers stage their attack on ABC Construction by working through the following phases:

  • Reconnaissance
  • Weaponization
  • Delivery
  • Exploitation
  • Installation
  • Command and Control
  • Action on Objective

Reconnaissance:
The attackers begin by gathering information on their target. With all of us on the internet today, it is easy to leave data lying around for anyone to see. The hackers start by looking up employees who work at ABC Construction on social media sites and other OSINT sources. LinkedIn, Facebook, Twitter, and Instagram are easy places to start a search and are usually the first stop for attackers. Next, the attackers look up the location of ABC Construction on Google Maps to find any additional information on their victim: they read the reviews and find the business phone number and the company website. Once they are finished, they have a list of who owns the company and of the people who work inside ABC Construction's home office.

USE CASE:
Using only the internet and information that is available to the public, the hackers need nothing but time to build a profile of ABC Construction.

Weaponization:
Our attackers now have the information they need to prepare their weapon of choice, which can range from RATs (Remote Access Trojans) to worms and ransomware. Spear-phishing attacks are usually delivered by email, either as attachments or as malicious links placed in the body of the message.

USE CASE:
Malicious file attachments and links are sent to the front desk employee in an email titled “I need a project done, ASAP can you help?” The email carries several photos packed in a zip file. Inside the zip file sit malicious executables waiting for someone to extract and run them.

Delivery:
Our malicious actors have sent the spear-phishing email to the new front desk employee. If this attempt fails, they have a list of other employees to target with the next spear-phishing email. Janet, the new front desk employee, is unaware of the damage that clicking on everything she sees can cause and never stops to consider whether an email might be malicious. ABC Construction does not invest in cyber-security training, especially not for new hires.

USE CASE:
The zip file has been downloaded and its contents run on the front desk computer.
The new hire also clicks on the link and fills out a form, adding more information to the attackers' database.
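A mail-gateway check for exactly this lure, added here as an example and not part of the original post: it builds a constructed message carrying a "photos" zip, lists the archive members without extracting them, and flags any member with an executable extension, including a double-extension name such as photo.jpg.exe. The sender and recipient addresses and the file names are placeholders.

```python
import email
import io
import pathlib
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that have no business inside an archive of "photos".
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi"}


def build_sample_message() -> bytes:
    """Constructed sample, not a real capture: the lure from the scenario, a zip of
    site photos that also carries an executable disguised with a double extension."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("site_photo_1.jpg", b"\xff\xd8\xff")    # JPEG magic bytes only
        zf.writestr("site_photo_2.jpg.exe", b"MZ\x90\x00")  # PE header bytes only
    msg = EmailMessage()
    msg["From"] = "client@example.invalid"                  # placeholder sender
    msg["To"] = "frontdesk@abc-construction.invalid"        # placeholder recipient
    msg["Subject"] = "I need a project done, ASAP can you help?"
    msg.set_content("Photos of the site are attached, please have a look today.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg.as_bytes()


def find_executables_in_zip_attachments(raw: bytes) -> list[str]:
    """Return 'attachment:member' for every archive member with an executable
    extension. Members are only listed, never extracted or executed."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            findings.append(f"{name}:<unreadable archive>")  # quarantine these too
            continue
        for member in archive.namelist():
            if pathlib.PurePosixPath(member).suffix.lower() in EXECUTABLE_EXTENSIONS:
                findings.append(f"{name}:{member}")
    return findings


if __name__ == "__main__":
    for hit in find_executables_in_zip_attachments(build_sample_message()):
        print("QUARANTINE:", hit)
```

The same listing step can also catch nested archives or password-protected members (which `namelist()` still returns), both of which deserve quarantine rather than delivery to a front desk mailbox.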

Exploitation:
The new office employee runs the files containing the malicious code several times. The computer is infected, and the attackers now have a foothold on ABC's intranet.

USE CASE:
ABC's intranet is now infected with RATs (Remote Access Trojans) and other forms of malware.

Installation:
Because the contents of the zip file were installed, the RATs can now be controlled freely by the hackers from a remote location.

USE CASE:
The RATs have slipped past whatever security software ABC may have on its computers. They are now at work sending information from ABC's server to the attackers' malicious server.

Command & Control:
The RATs are now moving through the network unchecked and infecting other computers.

USE CASE:
Information including files, financial documents, photos, and account credentials is being stolen and sent back to the hackers.
The RATs have also taken control of computer microphones and cameras and have begun recording screen activity. The hackers share the stolen information with Construction Tech and sell whatever else they collected on the dark web.

Action on Objective:
In a matter of weeks, ABC's business has not only been compromised but crippled by the damage done by our threat actors. The company struggles to keep up with projects and deadlines, which results in it losing its 10 contracts.

USE CASE:
All passwords and accounts have been compromised.
Important company files have been copied and sold by the attackers.
ABC does not recover from this cyberattack for months.

Prasan singh

CE|H v11 || CTF 🏳️ || Cybersecurity Researcher || Programmer 👨‍💻Founder of CyberJunk