After attempting a Wi-Fi sniff, the Cybaverse Red Team moves on to the next TTP to test, Phishing.
Phishing is a type of Social Engineering cybercrime where a threat actor sends fraudulent emails in order to get the recipient to reveal personal information or allow access to a system or network.
This can be done in two different ways, malicious attachments and links to malicious websites.
Phishing attempts are often sent randomly to large number of recipients and rely on the numbers to be successful. There also different types of Phishing, such as Spear Phishing, that target specific organisations or individuals, and Whale Phishing, which targets public figures and celebrities.
Cybaverse will attempt the three main types of Spear Phishing to assess the awareness of Phishing in Lapland Industries.
Cybaverse sent an email to several Elves pretending to be The Head Elf Of IT, asking users to reset their password to access the systems in Lapland Industries. This included a link to the login portal used.
25 of the 350 Elves that received this email clicked on the link and 10 completed their login details, giving Cybaverse access to 10 Elves login details.
Cybaverse sent an email to the 4 Elves that have direct reporting lines to Santa, pretending to be Santa to trick them into providing key information about Lapland Industries systems and networks.
All 4 Elves highlighted this as suspicious, and this Phishing attempt failed this time around. It’s not uncommon for threat actors to try the same attempt again on different employees or at a later date.
Lastly, Cybaverse conducted a business email compromise Phishing attempt. Asking employees to purchase an E-Gift card for a particular employee for the office Secret Santa.
This was sent to 150 Elves 7 Elves clicked on the link and only 1 Elf proceeded to purchase an E-Gift card.
Cybaverse were able to compromise 11 accounts. 6 of these accounts were low level Elf contractor accounts and didn’t have the access required to reach the Naughty or Nice list as they were correctly segregated in the development network. The other 5 accounts had Multi-Factor Authentication, so Cybaverse decided to target one of these accounts in the logistics department for a further vishing campaign, which will be completed tomorrow.
Throughout the Phishing attempts, Cybaverse stayed inconstant contact with Mr and Mrs Claus so they were aware of the attempts. A summary call was given at the end of the day to provide an update on the project. Full in-depth findings and outcomes will be given in the summary report on completion of the Red Team.
The Gruber group have also been known to utilise Vishing as a TTP to gain access to systems. Cybaverse will look to conduct a vishing attempt on Lapland Industries tomorrow, using todays findings.
The below are some key steps you can take in your business to prevent yourself from Phishing.