Study on the Effectiveness of the Security Countermeasures Against Spear Phishing

  • Conference paper
Information Security Applications (WISA 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8909)

Abstract

The presentation entitled ICS Spear Phishing, given at the 2013 edition of Digital Bond’s Supervisory Control and Data Acquisition (SCADA) Security Scientific Symposium (S4), demonstrated that an attacker could employ a spear phishing attack to obtain rights to the accounts of Industrial Control System (ICS) administrators or technicians. Motivated by this presentation, this paper analyzes the definition, principle, and problem of spear phishing, which is a social engineering attack, and presents the need for countermeasures to the attack. Spear phishing attacks are gradually increasing, but the existing systems used in many organizations (e.g. e-mail filtering systems) cannot keep up with the techniques used by most attackers. Organizations have also yet to establish adequate countermeasures to the problem of spear phishing, much less any standards for such countermeasures. There is an urgent need to accomplish these objectives because the attack is gradually evolving. In summary, this paper advocates awareness of the spear phishing threat and the implementation of countermeasures such as security education or simulation. In addition, it suggests how to carry out the simulation effectively and how to quantify the gathered data.

Acknowledgements

This work was supported by the IT R&D program of MSIP/KEIT [010041560, A development of anomaly detection and a multi-layered response technology to protect an intranet of a control system for the availability of pipeline facilities].

Corresponding author

Correspondence to Kyungho Lee.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Song, M., Seo, J., Lee, K. (2015). Study on the Effectiveness of the Security Countermeasures Against Spear Phishing. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science, vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_31

  • DOI: https://doi.org/10.1007/978-3-319-15087-1_31

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15086-4

  • Online ISBN: 978-3-319-15087-1

  • eBook Packages: Computer Science, Computer Science (R0)
