Which of the following is characterized by an attacker attempting to map out an organization’s staff hierarchy in order to send targeted emails?
C. Privilege escalation
D. Spear phishing
Correct Answer: A
Section: Threats and Vulnerabilities
A whaling attack is targeted at company executives. Mapping out an organization’s staff hierarchy to determine who the people at the top are is also part of a whaling attack.
Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats.
B: Impersonation is where a person, computer, software application or service pretends to be someone it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat. No examples of impersonation occurred in this question.
C: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The attack described in the question is not an example of privilege escalation.
D: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient’s own company and generally someone in a position of authority.
Mapping out an organization’s staff hierarchy could be used for a spear phishing attack. However, the emails in a spear phishing attack would be sent to everyone in the company (not targeted to specific people) with the sender ID spoofed to appear to be from someone in authority. In this question, it’s likely that the emails would be targeted to the executives and that would be an example of whaling.