Targeted Phishing Attacks preview

Dear readers, 

We hope you’re spending this year's Holiday season with your family and friends, in the atmosphere of joy and peace. To brighten up this cold winter even more, we prepared for you an amazing issue about Targeted Phishing Attacks, that usually become even more frequent around Christmas time. If you want to learn more about various types of attacks, tools and other fields, dive in! Here’s what we prepared for you. 

We start off with Phishing and Spear Phishing Attacks, the Hows and Whys, Identification and Mitigation, which will be a great introduction to phishing attacks. Later on, we got a Spear Phishing: What Will Make Them Click?, an extremely interesting article with a more psychological approach to phishing, that will help you understand what makes people “catch the bait”. In Smishing - Phishing Attacks Through Text Messages you’ll learn about, as you can read in the title, about the art of phishing attacks through quick text messages.

If you’re interested in phishing tools, we got you covered! Take a look at Twas a Night Before Hackmas - A King Phisher Tale or at Phishing Using NexPhisher and learn about conducting phishing campaigns using those tools! 

In Phishing Campaigns - Attack and Defense, a great study by Veronica Berenguer Garrido and Adrian Rodriguez Garcia, you can read about everything you should know about phishing - how to search for emails and websites, how to clone a website, what are various types of phishing attacks and how to protect yourself against fraudulent emails. 

But that’s not all! We also prepared a couple of articles on other exciting topics, i.e. how to turn a mini router into a Kali Linux desktop, forensics cryptanalysis of hashtags and cybersecurity tips. Don’t worry, we won’t let you become bored :). 

We would like to wish you all the best for the upcoming year - new adventures are around the corner and we hope you’ll make the most of 2022! Thank you for being with us this whole year! See you soon!

Enjoy your reading, 

Magdalena Jarzębska and Hakin9 Editorial Team

>>If you want to buy this magazine click here <<

>>If you are a subscriber, download your magazine here<<

Table of Contents

Phishing and Spear Phishing: The Hows and Whys, Identification, and Mitigation

Jeff Minakata

In this article, we will be diving into the world of phishing and spear phishing where we will be discussing the dangers of these attacks, identification, mitigation, and also some of the hows and whys that make these attacks so dangerous and popular.

Spear Phishing: What Will Make Them Click? 

Emmanuel Nicaise

Sending phishing emails to thousands of people is a statistical game. We pick a trendy topic; find a pretext and we’ll probably end up with 10 to 40 percent of our targets clicking on our bait link or opening our attachment. But, if we are after the crown jewels, we likely need to be more subtle to avoid detection and have the time to reach the treasure chest. A highly targeted attack is our best bet, a sniper shot, with a silencer. How will we find our target and be sure we hit the bull’s-eye? How do we build the perfect spear phishing attack? Let’s find out.

SMISHING - Phishing Attacks Through Messages

Cleber Soares, Deivison Franco

In this article, Smishing will be presented, a type of technological fraud, a variant of Phishing, as well as Spear Phishing, Vishing, Offline Phishing, Dumpster Diving, Typosquatting, QR Code phishing, Pharming and Link Shorteners. This article will clarify and help the target audience to know the possibilities of attacks it is exposed to and to position itself in front of them, as well as ways to prevent and avoid them in the corporate use environment, or in the personal use environment.

Twas the Night before Hackmas - A King Phisher Tale

Atlas Stark

King Phisher, according to its project page, is a tool that can simulate live phishing attacks against a variety of targets. Being able to simulate a high level phishing attack is extremely valuable within the corporate infrastructure, as corporations and their officers are often targets of these elaborate phishing expeditions. King Phisher has a range of functionalities, tools and templates you can utilize for your phishing engagements. Due to its large number of capabilities, we are not able to cover them all in one article. We will, however, briefly go over them and show you where to access them, as well as additional resources in the links section to assist your exploration.

Phishing Campaigns - Attack and Defense

Verónica Berenguer Garrido, Adrián Rodriguez Garcia

Cyber attacks have increased exponentially in the last decade, phishing one of the most common. This kind of attack supplants an official entity to obtain user data, such as passwords, banking or personal information, etc. The purpose of these criminal actions is to get information for their own use, sell to another entity or expose it in the Dark Web in exchange for economic compensation. It is interesting to mention there are many types of phishing attacks, like vishing (phone calls), QRishing (through QR code), smishing (via sms) and the typical mail phishing among others. In this article, we are going to learn how to elaborate from scratch a phishing attack, simulating the same steps that a real attacker would carry out. Besides, we will learn how to detect fraudulent mails to protect us from these attacks.

Phishing Using NexPhisher

Mayukh Paul

Phishing takes place when an attacker deceives a victim into opening a malicious link through email, messages, etc. which leads to a ransomware attack, installation of malware, and in most cases revealing sensitive information which might lead to huge losses. Such an attack might be very devastating to the user as it might lead to identity theft, unauthorized purchases, or stealing of funds. Let me show you how easy it is to create a phishing page for various social media.

Turning a Router into a Kali Linux Desktop

Daniel W. Dieterle

In this article, we will take a look at converting a SeeedStudio OpenWrt dual Gigabit router into a full Kali Linux desktop. We will walk through the steps of re-writing the Router OS to Kali Linux. We will then run it through a couple quick tests to show how well it works as a security testing platform. This will include attacking WiFi networks using an add-on WiFi card. We will also look at tracking airplanes live using the router and an RTL-SDR card.   

Unraveling a Case - Pro Tips on Cybersec Investigations That you Must be Aware of

Rodrigo Sozza

The post-incident activity (a.k.a. Post Mortem) is a crucial step in the incident lifecycle process - it  provides in-depth understanding from an OPSEC perspective, allowing a more adequate and focused response plan, but despite its importance, it is often conducted improperly, leading to loss of evidence integrity and inconclusive investigations. So, what aspects should not be overlooked when conducting an investigation?

#Hashtags, The Power of Manipulation

Wilson Mendes

Social networks, previously isolated, began to interconnect through the use of hashtags, naturally listed by search engines, thus forming an unlimited and complex structure. Although the terms of use of each social network can serve as a moderation rule for posts, there are no rules and ways to restrict what is published outside of it. It is a great illusion to think that a set of territorialist and demonstrably limited laws will be able to prevent technological forms without limiting frontiers from being widely used in the manipulation of results. 

Why does Log4j 0-day Vulnerability Get More Attention Than Other Vulnerabilities CVE-2021-44228?

Harshith m s. aka (ADWAITH)

Hello, H3cker’s and Java People! You may have already heard about the zero-day vulnerability found inside the Apache Log4j 2 Java library that has taken the net by storm. We will see how it works and how to identify it. Being curious about what this all meant, I prepared some of my findings below. Feel free to offer feedback in case you think I may have ignored a few critical records or have misinterpreted something.