
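          ATT&CK-CN V1.01 Last Update: 2019-11

          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University), 戴亦侖 (賽寧網安). This is an original translation; please obtain the translators' permission before republishing.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1534

          Glossary: /attack/glossary

          Internal Spearphishing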

          Adversaries may use internal spearphishing to gain access to additional information or exploit other users within the same organization after they already have access to accounts or systems within the environment. Internal spearphishing is a multi-staged attack where an email account is owned either by controlling the user's device with previously installed malware or by compromising the account credentials of the user. Adversaries attempt to take advantage of a trusted internal account to increase the likelihood of tricking the target into falling for the phish attempt.

          Adversaries may leverage Spearphishing Attachment (T1193) or Spearphishing Link (T1192) as part of internal spearphishing to deliver a payload or redirect to an external site to capture credentials through Input Capture (T1056) on sites that mimic email login interfaces.

          There have been notable incidents where internal spearphishing has been used. The Eye Pyramid campaign used phishing emails with malicious attachments for lateral movement between victims, compromising nearly 18,000 email accounts in the process. The Syrian Electronic Army (SEA) compromised email accounts at the Financial Times (FT) to steal additional account credentials. Once FT learned of the attack and began warning employees of the threat, the SEA sent phishing emails mimicking the Financial Times IT department and were able to compromise even more users.

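          Tags

          ID: T1534

          Tactic: Lateral Movement

          Platform: Windows, macOS, Linux, Office 365, SaaS

          Permissions required: User

          Data sources: SSL/TLS inspection, DNS records, Anti-virus, Web proxy, File monitoring, Mail server, Office 365 trace logs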

          Mitigations

          This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

          Detection

          Network intrusion detection systems and email gateways usually do not scan internal email, but an organization can leverage a journaling-based solution, which sends a copy of emails to a security service for offline analysis, or incorporate service-integrated solutions using on-premise or API-based integrations to help detect internal spearphishing attacks.
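
The journaling approach described above, as an added example (not from the original page or from MITRE): a Python check that reviews journaled copies of messages and flags internal-to-internal mail carrying a link to a host outside the organization or an attachment with an executable or macro-enabled extension. `ORG_DOMAIN`, the extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumption: the organization's mail domain
RISKY_EXT = (".exe", ".js", ".hta", ".lnk", ".iso", ".docm", ".xlsm")  # assumed list
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _domains(header):
    """Lower-cased domains of every address in a parsed address header."""
    return [a.domain.lower() for a in header.addresses] if header else []

def _is_org_host(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def review_journal_copy(raw: bytes) -> list[str]:
    """Return findings for one journaled message; [] when nothing stands out."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    senders = _domains(msg["From"])
    rcpts = _domains(msg["To"]) + _domains(msg["Cc"])
    # Scope: internal sender to at least one internal recipient, i.e. the
    # traffic a perimeter gateway usually does not scan.
    if not senders or any(d != ORG_DOMAIN for d in senders) or ORG_DOMAIN not in rcpts:
        return []
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and not _is_org_host(host):
            findings.append(f"external-link:{host}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings

def make_sample(sender, rcpt, body, attachment=None) -> bytes:
    """Build a constructed message standing in for a journal copy."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, "Mailbox quota notice"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```

Findings are leads for an analyst rather than verdicts: legitimate internal mail links to external sites all the time, so in practice the external-host check would be paired with an allow-list and sender-behaviour baselines.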
