2015: Year of the RAT Threat Report Supplement


Defending Against Spear Phishing, RAT Deployment and Email Tracking

In my 2015: Year of the RAT Threat Report (see: http://www.snoopwall.com/reports/), I described
how I felt Sony Pictures Entertainment (SPE) was attacked by the Guardians of Peace, aka #GOP.
In this supplement, I would like to cover how Spear Phishing works, as well as Email Tracking, and even
commercial tools that are freely available for trials or limited email sending, which allow the sender
to collect very useful data on the recipient, including the data hackers typically use to exploit a
common vulnerability and exposure (CVE; see http://cve.mitre.org, of which I serve on the Board,
and its sister search engine site http://nvd.nist.gov, funded by the US Department of Homeland
Security to allow you, for free, to track and find any vulnerabilities in your network equipment,
computer, operating system and software that might be used to exploit you).

Finding and Exploiting Vulnerabilities

It works like this: first you need to find email servers with vulnerabilities (CVEs) and then exploit
them to eavesdrop upon and track others' emails. This will then allow you to build up a contact list
and learn what kind of messages a person sends, receives and opens, thus allowing you to spoof a
trusted party and attach a remote access Trojan (RAT). I’m not telling you this to recommend you
commit crime – in fact, I’m 100% against you doing so. However, without understanding why and
how you might become a victim of a Spear Phishing attack with an embedded RAT attachment, or
even exploitation of vulnerabilities in your email client or web browser, how can you expect to
defend yourself? Just watch http://map.ipviking.com and you’ll see loads of attacks against EMAIL
SERVERS in the USA. Why? Because the first step in reconnaissance (RECON) for a spear
phishing attack is to break into a mail server, or find a recipient you can victimize, so that you can
later spoof an email to their important friend, boss or business associate who is your ultimate target.

What is the difference between Spear Phishing and Email Tracking?

Typically, Spear Phishing attacks are very targeted, going after one individual. Usually, email
tracking is used by marketeers to make sure you opened an email they sent you and to collect
additional information about you. Lately, due to the proliferation of free email tracking offerings,
anyone from a debt collector to your local dentist or attorney or even a jealous spouse might use
email tracking services to ‘check up on you’, which now includes GEOLOCATION technology.

Email tracking generally will use a hidden cookie and a web bug (also known as a web beacon) to
track the email. Spear Phishing will usually attach a RAT to the email, hoping you will trust the
spoofed sender and open the attachment, causing a much more painful and deeper infection
that may go unnoticed until it’s too late, as in the case of Sony Pictures Entertainment.

Email tracking will tell the person tracking the email when an email was received, opened, and
forwarded. It can tell when attachments or hyperlinks were opened and clicked. It can determine
how long someone was reading the email. It can also collect information about the geolocation of



60 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
