Sharing the right information is a powerful enabler, but sharing the wrong information can give an attacker a foothold, which can lead to a successful compromise of your network. Read more below about the different types of threats posed.

Spear Phishing

A highly-targeted communication, usually an email with a malware-infected attachment or hyperlink, is sent to one or a small group of specific individuals at the target organisation. When the payload is activated the attacker gains access to the target network.

1. Hostile reconnaissance

Attacker mines the internet for information to assist a cyber attack.

2. Network intrusion

Attacker constructs a tailored email and payload, then sends to employees.

3. Data exfiltration

Employee opens email attachment. Payload is executed and data exfiltrated.

Magnify
Diagram of phishing attack

Helpdesk coercion

The attacker uses the information gained to pose as a legitimate member of staff and dupe IT staff into granting access. Similarly attackers can impersonate the IT staff and target users to obtain sensitive information.

Targeted malware

Having understood the layout of an organisation's network and software versions, the attacker is able to inject malware with increased chances of success in bypassing security measures..

Targeted personal attacks

Those who would do harm to high-risk individuals use hostile reconnaissance to help understand the target's acquaintances, family life and likely location.

Technical intrusion

Reconnaissance that reveals the layout of IT infrastructure helps focus efforts at the weakest points the organisation's defences.

Procedural compromise

Having used the information gathered to understand the organisation's security processes in detail, the attacker is able to bypass them.

Social media impersonation

The attacker breaches the social media account of an associate of a targeted individual or impersonates an apparently legitimate identity. The attacker can then post infected hyperlinks, masquerading as the associate. When the targeted individual follows the links, the attacker gains access to the network.