Case Study

Lateral Movement: Spear Phishing Detection and Intelligent Response

Attacker Objective: Access Critical Applications

Threat Type: Lateral Movement

A small group of employees at a petroleum refining giant were targeted by a sophisticated spear phishing campaign aimed at stealing credentials to access important information and applications.

The targeted nature of spear phishing makes it especially dangerous because most often, an organization does not become aware of compromised credentials until they’re already being used by bad actors. This is because the people being “phished” willfully click on malicious links or provide credentials to attackers who have become extremely adept at spoofing emails to look legitimate. With so much information about a person’s professional and personal lives available online publicly, it’s increasingly easy for attackers to deceive their targets.

However, while spear phishing attacks vary based on the attacker and the target, there are certain tactics, techniques and procedures (TTPs) common in almost all attacks of this nature. For example, even targeted campaigns are rarely isolated to a single user, so once an email is delivered, a small number of users will typically “take the bait” and click on a link.

Download Case Study