CISOs, SOC Managers.
Spear phishing is a targeted attack that, unlike general phishing attacks, does not rely on an easily detected spam campaign. Instead, the victims are carefully selected.
In 2019, the Verizon Data Breach Investigations Report listed phishing as the leading cause of data breaches for that year.
It is clear from the data that, whatever security controls are in place, there is always the possibility that someone, somewhere in your organization will click on a link that results in your corporate network being compromised.
The goal of the Spear Phishing deception campaign is to deflect the spear phishing attack into a buffer zone to collect actionable and real-time threat intelligence about the attacker.
The deception director deploys the assets associated with the Spear Phishing Campaign. These include web-based email service accounts and the web-based infrastructure that supports them, for example servers. Together they form your deceptive buffer zone, built to fool the spear phishers.
Your SOC takes known spear phishing emails that are attempting account compromise and submits the credentials of the web-based email service accounts deployed above through the spear phishers' own infrastructure.
CounterCraft will detect when the threat actors are interacting with the deception buffer zone and you will be alerted immediately.
The platform continues to collect intel in real-time on how the threat actors use the compromised account, and where they pivot to from the account.
You receive enriched threat intel in the form of TTPs (mapped to MITRE ATT&CK) and IoCs, including the IP addresses and credentials used by the threat actors. This threat intel data can be sent to external security tools such as MISP, a SIEM, or a SOAR platform.
Simplify communication with the board and key management about the strategic merit of threat intelligence - use hard evidence and organization-specific intel to back up your messaging.
Obtain actionable threat intelligence that is specific to your organization and enhances the corporate security strategy.
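As an added illustration of the detection and intel-collection steps above (example code, not the page's own or CounterCraft's), the monitor below treats any activity on a decoy webmail account as hostile, maps each audit action to a MITRE ATT&CK technique, records where the actor pivots, and bundles the IoCs into a MISP-style event. The audit-log format, action names, account names and IP addresses are constructed assumptions, and the event shape is a simplified stand-in for a real MISP export.

```python
import re
# Decoy webmail accounts seeded into the phishing kit (constructed values).
DECOY_ACCOUNTS = {"j.doe@corp.example", "finance@corp.example"}
# Audit-log actions (assumed vocabulary) mapped to MITRE ATT&CK technique IDs.
ACTION_TO_TTP = {
    "login": "T1078",                # Valid Accounts
    "search_mailbox": "T1114.002",   # Remote Email Collection
    "add_forward_rule": "T1114.003", # Email Forwarding Rule
    "send_mail": "T1534",            # Internal Spearphishing from the decoy
}
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                    r"action=(?P<action>\w+)(?P<extra>.*)$")

def parse_event(line):
    """Parse one audit line into a dict; trailing key=value pairs go into 'kv'."""
    if not (m := LOG_RE.match(line.strip())):
        return None
    ev = m.groupdict()
    ev["kv"] = dict(p.split("=", 1) for p in ev.pop("extra").split() if "=" in p)
    return ev

def analyse(lines):
    """Alert on every decoy-account event and build a MISP-style intel event."""
    alerts, ips, ttps, pivots = [], set(), set(), set()
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["user"] not in DECOY_ACCOUNTS:
            continue  # real users and unparseable lines never raise an alert
        ttp = ACTION_TO_TTP.get(ev["action"], "unknown")
        alerts.append({"time": ev["ts"], "account": ev["user"],
                       "src_ip": ev["src"], "ttp": ttp})
        ips.add(ev["src"])
        ttps.add(ttp)
        # Where the actor pivots from the account: forwarding drops, mail recipients.
        pivots.update(v for k, v in ev["kv"].items() if k in ("to", "forward_to"))
    # Simplified MISP-like event (assumed shape, not a real product's export format).
    event = {"Event": {"info": "Spear phishing deception: decoy account activity",
                       "Attribute": [{"type": "ip-src", "value": i} for i in sorted(ips)]
                       + [{"type": "email-dst", "value": p} for p in sorted(pivots)],
                       "ttps": sorted(ttps)}}
    return alerts, event

# Constructed sample webmail audit lines: one legitimate user, then the decoy.
SAMPLE_LOG = [
    "2023-05-02T08:12:01Z user=alice@corp.example src=10.0.4.21 action=login",
    "2023-05-02T09:40:17Z user=j.doe@corp.example src=203.0.113.77 action=login",
    "2023-05-02T09:41:03Z user=j.doe@corp.example src=203.0.113.77 action=search_mailbox query=invoice",
    "2023-05-02T09:43:55Z user=j.doe@corp.example src=203.0.113.77 action=add_forward_rule forward_to=drop@attacker.example",
    "2023-05-02T09:50:10Z user=j.doe@corp.example src=198.51.100.9 action=send_mail to=cfo@corp.example",
]
```

Running `analyse(SAMPLE_LOG)` yields four alerts, all on the decoy account, and an event carrying two source IPs, two pivot destinations and four ATT&CK technique IDs; the legitimate login on the first line produces nothing.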
Reassess your current security control sets based on objective evidence of adversaries circumventing current security controls.
Our goal was to mitigate the risk of a spear phishing attack being successful, ensuring that we had the security controls in place to stop the attackers.
Deception allows us to see in real time what an attacker would do when they execute a spear phishing attack. Also, this happens in a different environment from our infrastructure, one that the attacker believes is real. So for us it gives intelligence and doesn't involve any risk.
Once the spear phishing email was reported, we used it to trigger it in our deception environment. We successfully gathered in real time the TTPs the attacker would have used against us. This allowed us to make informed modifications to our security policy and reconfigure other security systems.