Abstract
The presentation entitled ICS Spear Phishing, held at the 2013 edition of Digital Bond’s Supervisory Control and Data Acquisition (SCADA) Security Scientific Symposium (S4) demonstrated that an attacker could employ a spear phishing attack to obtain rights to the accounts of the Industrial Control System (ICS) administrators or technicians. Motivated by this announcement, this paper analyzes the definition, principle, and problem of spear phishing, which is a social engineering attack. Furthermore, the need for countermeasures to the attack was presented. Attacks with spear phishing are gradually increased, but the existing system used in many organizations (e.g. e-mail filtering system) cannot follow the trend utilized by most attackers. Also, organizations have yet to establish adequate countermeasures, much less any standards for the countermeasures, to the problem of spear phishing. There is an urgent need to accomplish these objectives because the attack is gradually evolving. In summary, this paper advocates the awareness of the spear phishing threat and the implementation of countermeasures such as security education or simulation. In addition, it suggests on how to carry out the simulation effectively and how to quantify the gathered data.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
McDowell, M.: Avoiding Social Engineering and Phishing Attacks. United States Computer Emergency Readiness Team (2013). http://www.us-cert.gov/ncas/tips/st04-014. Accessed 06 February 2013
http://news.heraldcorp.com/view.php?ud=20131230000115&md=20140102004031_AT. Accessed 30 December 2013
Anti-Phishing Working Group (APWG) (2013) Phishing Activity Trends Report, 1st Quarter 2013. http://docs.apwg.org/reports/apwg_trends_report_q1_2013.pdf. Accessed 23 July 2013
Anti-Phishing Working Group (APWG) (2013) Phishing Activity Trends Report, 2nd Quarter 2013 (2013). http://docs.apwg.org/reports/apwg_trends_report_q2_2013.pdf. Accessed 5 November 2013
Anti-Phishing Working Group (APWG) (2013) Phishing Activity Trends Report, 3rd Quarter 2013 (2013). http://docs.apwg.org/reports/apwg_trends_report_q3_2013.pdf. Accessed 10 February 2013
Anti-Phishing Working Group (APWG) (2012) Phishing Activity Trends Report, 4th Quarter 2012 (2012). http://docs.apwg.org/reports/apwg_trends_report_Q4_2012.pdf. Accessed 24 April 2013
http://www.asiatoday.co.kr/news/view.asp?seq=907299. Accessed 11 December 2013
http://www.social-engineer.org/. Accessed 2014
https://efraudprevention.net/home/assets/img/spear_phishing.jpg. Accessed 2014
http://iconixtruemark.wordpress.com/2011/06/. Accessed 30 June 2011
Schackleford, D.: The APT is Dead. Long Live the SST! WordPress Blog (2011). http://daveshackleford.com/?m=201103. Accessed 21 March 2011
Choi, K.-H., Lee, D.H.: A study on strengthening security awareness programs based on an RFID access control system for inside information leakage prevention. Multimedia Tools Appl. (2013). Doi:10.1007/s11042-013-1727-y. http://link.springer.com/article/10.1007%2Fs11042-013-1727-y
http://www.digitalbond.com/blog/2013/01/30/s4x13-video-ics-spear-phishing/. Accessed 30 January 2013
http://www.plixer.com/blog/advanced-persistent-threats-2/internet-threat-defense-solution-part-2/. Accessed 16 February 2013
http://securityaffairs.co/wordpress/8390/malware/fireeye-advanced-threat-report-the-inadequacy-of-the-defense.html. Accessed 4 September 2012
Kim, Y.-H., Park, W.H.: A study on cyber threat prediction based on intrusion detection event for APT attack detection. Multimedia Tools Appl. (2012). Doi:10.1007/s11042-012-1275-x. http://link.springer.com/article/10.1007/s11042-012-1275-x
Townsend, K.: Spear-phishing is the single biggest threat to cyber security today. WordPress Blog (2012). http://kevtownsend.wordpress.com/2012/12/07/spear-phishing-is-the-single-biggest-threat-to-cyber-security-today/. Accessed 7 December 2014
Acknowledgements
This work was supported by the IT R&D program of MSIP/KEIT [010041560, A development of anomaly detection and a multi-layered response technology to protect an intranet of a control system for the availability of pipeline facilities].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Song, M., Seo, J., Lee, K. (2015). Study on the Effectiveness of the Security Countermeasures Against Spear Phishing. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science(), vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_31
Download citation
DOI: https://doi.org/10.1007/978-3-319-15087-1_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15086-4
Online ISBN: 978-3-319-15087-1
eBook Packages: Computer ScienceComputer Science (R0)