In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
Comments
Mohammed Syed says
The Denial-of-service attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network. DDoS is launched from numerous compromised services, often globally, in what is stated to be a botnet. Through pings and traceroutes, an attacker can discover the IP addresses and a map of the network around the target. Pings are ICMP echo requests, and the echo replies are messages that verify a host IP address and availability. Traceroute is a network mapping utility that takes advantage of the time to live (TTL) field in IP packets. The most obvious symptoms are slowness of the website application service being unavailable to the users, Network Time Protocol, HTTP request flood, and TCP handshake are DNS servers spoofed with IP addresses. They send out odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural. With these types of methods used, it would depend on the organization’s network as to which type of attack is a bigger threat. With Spam phishing, the victims are often masses, and spammers usually go for mass employee email addresses. Employees are familiar with phishing email attacks; however, 1 in 10 thousand, due to human error, might click on the phishing email, and the result is the spammers being successful in their attack. Spear phishing targets, and specifically has, one or a select number of victims. With spear phishing the hackers often know personal information about the victim or victims, and they use that to manipulate the victims into doing things that go against the organization and its policies.
Wilmer Monsalve says
Hi Mohammed, I really like how you explained how DDoS works and the details of botnets. Furthermore, I believe you would agree that spam phishing would be more effective in achieving this process given that even mere accidental clicks can get the task completed through numbers, as opposed to the limited options of catching a single or selected set of targets.
Andrew Nguyen says
Hi Mohammed,
Thank you for detailing what a DoS attack is and the difference between spam and spear phishing!
I personally think that spam phishing would be more of a threat, considering it reaches more targets and only requires one individual to make a mistake to fall victim to it, but I’m curious to hear your thoughts on which one is more of a threat.
Thanks for sharing your thoughts!
Best,
Andrew
Olayinka Lucas says
Hello Andrew,
I would have to disagree with you on that one. Spear phishing, a subcomponent of whale phishing, is directed at a specific target with little or no likelihood of monitoring or mitigation. In contrast, spam phishing is usually directed at a community of users, with the likely probability of identifying and notifying the threat, which may lead to mitigation. This is not always so in the case of a single target.
Andrew Nguyen says
While both spam and spear phishing are threats to an organization’s network and computer resources, I would say spam phishing is the bigger threat in the context of a DDoS attack.
There is a saying that a chain is only as strong as its weakest link, and I think that applies here. While spear phishing is more ‘tailored’ to an individual and may have a higher percentage of succeeding, if the targeted individual is knowledgeable about safe security practices, they should be able to avoid falling victim to the phishing attempt (and ideally report it). Spam phishing, however, has multiple targets, and only one person needs to fall victim for it to be successful. If organizations do not have a robust security awareness training program that applies to all individuals at all levels of a company, they may fall victim to a spam phishing attempt.
I would also like to point out that even if an organization does have a robust security awareness training program, it only takes one mental slip-up by one individual to fall victim to a spam phishing attempt (such as clicking a link in an email). For these reasons, spam phishing appears to be the larger threat to an organization’s network and computer resources.
Alexander William Knoll says
Prior to reading your comment I was leaning more towards spear phishing being a larger threat, but you definitely make a great point. Spam phishing is just so widespread and so simple to achieve, which makes it such a low-risk, high-reward method for attackers. And while you’d expect most people to be able to combat this, there are still so many people who are uneducated on the matter, in spite of training, and like you said, it only takes that one slip-up. Interesting point.
Olayinka Lucas says
Hello Alexander, to refer to Spam Phishing as a low-risk, high-reward attack activity is very accurate. This is the act of pushing several malicious data packets to multiple victims with a high likelihood that at least one user would be compromised. Based on the assertion that the level of education is high, my recommendation would be to continually ensure that awareness and training on such issues continue to be a significant part of every Information Security Management System.
Corey Arana says
Spam phishing vs spear phishing, which is a bigger threat to an organization’s network and computer resource?
I believe that Spam phishing can be a bigger threat to the organization over spear phishing. Spear phishing is an attack that has been organized by a cyber criminal to attack a specific individual. After gaining information about an individual, the attack is attempted. Spear phishing can have a high rate of success due to the highly customizable and personal emails that the attacker sends. If the individual is properly trained and knowledgeable, the attack can fail.
With Spam phishing, an attacker will send out a phishing email to thousands of employees in the organization. With Spam phishing, the attacker only needs one employee to open their email file/link to gain access to the organization’s network and computer resources. With quantity over quality in this instance, I believe that an attack with thousands of opportunities to work over a handful is the reason why spam phishing is a bigger threat to the organization over spear phishing.
Andrew Nguyen says
Hi Corey,
I agree that spam phishing is the bigger threat to an organization when compared to spear phishing. While a singular spear phishing attempt may have a higher probability of succeeding versus a singular spam phishing attempt, the benefit that a spam phishing attempt has is the sheer volume / number of targets that it reaches, and only requires one to fall victim to it.
Thanks for sharing your thoughts!
Best,
Andrew
Olayinka Lucas says
Hello Corey, I would have to disagree with you on this one.
Looking at your analogy of quantity over quality, I would instead follow quality over quantity. Spear phishing targets an individual, while Spam phishing is community-based. Spear phishing is a sub-component of whale phishing, targeted at high-level executives and C-suite personnel with access to Crown Jewels within an organization, i.e., personnel with access to data that can bring down the whole organization if compromised.
I believe this carries more consequences than general users with little or no access to consequential data. However, security is critical, and every organization should ensure awareness and training within the organization regardless of the mode of phishing.
Kelly Sharadin says
The greatest threat to an organization’s network and computer resources in regards to DDoS attacks specifically would be spam. Spam is the primary attack vehicle that botnets deploy as part of the DDoS attack. Botnets utilize spam due to the sheer volume of emails they can deploy to overwhelm targets to take their networks and services offline. As part of a botnet, the company IP addresses could be deny-listed by cyber threat intelligence firms and receive negative ratings due to the attack despite being a victim of the attack. Furthermore, if the organization operates on an AWS infrastructure, Amazon may temporarily pause cloud-based networking or computer resources leading to further disruption to business operations. DDoS and spam pose significant availability threats to an organization if no controls exist to mitigate such risk.
Dan Xu says
Hi Kelly,
I agree with you that spear phishing are both the biggest threat to an organization’s network and computer resources. Although both phishing and spear phishing are common forms of email attacks, the common denominator is getting the person receiving the email to click on a malicious link or attachment. However, spear phishing emails are carefully designed to be really successful because they are targeted. I neglected to mention that for organizations, security awareness training programs need to be applied at all levels of the company to be prepared to combat the damage caused by spear phishing emails. Real-time spear phishing and phishing fraud defense through artificial intelligence better secures the network environment.
Matthew Bryan says
Spam phishing will likely provide a better ROI than Spear phishing given that spam campaigns send more emails which increases the probability of a successful compromise. In this attack, the user often needs to accept the malware by clicking a link or downloading a file. Once this is complete, the host is compromised and further user action is not required. This incentivizes volume in attempts as the barrier for success is low and higher quantities are desired by the attacker. The attack volume accounts for emails being filtered, deleted, or ignored as most users will likely not engage with a generic unexpected email.
Spear phishing has a higher individual success rate with users completing the required action, but a lower overall ROI. This is due to the time investment needed to compose a targeted Spear phishing email. This doesn’t make sense to use with DDoS campaigns given the required effort. An argument could be made for Spear phishing system administrators with access to multiple computers, but the probability of success is much lower than targeting a less technical user. Sysadmins are a harder target given their role and knowledge of technology. That said, compromising one sysadmin could provide a bigger payout since they often control multiple computers and systems.
Kelly Sharadin says
Hi Matt,
Well said. Phishing is sometimes simply a statistics game, and this is even more compounded by the nature of DDoS attacks. Blasting an executive with a ton of phishing emails would likely (hopefully) tip the user to suspect something is “phishy”. Whereas, as stated in your post, spreading out emails to target a large volume of users would be less likely to be detected as suspicious, and the attacker only needs one user to click through to be successful before detection.
Kelly
kofi bonsu says
Good analysis but you must understand that Phishing attacks use social engineering techniques mixed with technical tricks to fool the user and steal sensitive information and banking account credentials. Social engineering schemes are typically based on spoofed emails to lead users to visit infected websites designed to appear as legitimate ones. The websites are designed to lead customers to divulge financial data, such as account usernames, credit card numbers, passwords, and social security numbers. The technical subterfuges are various and usually involve the use of malware specifically designed to steal credentials from victims while hiding evidence of the attack.
kofi bonsu says
Phishing attacks are often seen as counterfeit communications that increasingly seem to emanate from a trustworthy source but which can compromise all types of data sources. Hence the intended attacks can enable access to your online accounts and personal data, obtain permissions to change and compromise connected systems such as point of sale terminals and order processing systems, and in some cases hijack entire computer networks until a ransom fee is delivered. Most often hackers are satisfied with getting your personal data and credit card information for financial gain. In other cases, phishing emails are sent to gather employee login information or other details for use in more malicious attacks against a few individuals or a specific company. Phishing is a type of cyber attack that every employee within the organization should learn about in order to protect themselves and ensure email security throughout an organization. However, phishing attacks are targeted towards a wide range of people, whereas a spear phishing scam is targeted towards a specific individual or group, or at times an organization or business, executing a sophisticated targeted attack to gain unauthorized access. Spam is a tactic for hawking goods and services by sending unsolicited emails to bulk lists. While annoying, spamming is not nearly as dangerous as phishing, which tries to trick a user into divulging sensitive information. Businesses sending spam (including those who are perceived to be sending spam) run the following risks: They could alienate their customers — which, ultimately, could damage their reputation and lose them business. Their legitimate email correspondence could end up in people’s junk folders.
Phishing is one of the most damaging forms of cybercrime. But there are a lot of different types of phishing. Wire transfer phishing causes direct, quantifiable losses when businesses pay fake invoices sent to them by fraudsters. The FBI’s data shows that U.S. businesses lost $1.8 billion in 2020 to wire transfer phishing via email. Ransomware attacks are frequently delivered by email. Clicking the link in a phishing email can lead to your documents, databases, and other files becoming encrypted. Emsisoft estimates that ransomware cost organizations $7.5 billion in 2019. But what about the resultant repercussions caused to individual companies? A single phishing attack can have a devastating impact for a business. The biggest known phishing scam of all time targeted tech giants Facebook and Google. This example of wire transfer phishing cost the companies around $121 million over two years. But the indirect losses caused by phishing can have even more far-reaching consequences for organizations. When Australian hedge fund Levitas Capital was defrauded for nearly $8.7 million in November 2020, the firm recovered 90% of the money. But the fund was forced to close after losing its biggest client as a result of the attack. In light of the above premises, I can suggest that spear phishing increasingly appears to have a more far-reaching impact for businesses than being attacked by spam phishing.
Source: https://www.tessian.com/blog/difference-between-spam-and-phishing/
Vraj Patel says
The bigger threat to an organization from the distributed denial of service (DDoS) attack is that their network would not be accessible in a timely manner to operate the business as normal. If the company’s network becomes a resource of a DDoS, then the organization’s network performance would be affected. If the company resource is part of the DDoS attack, then the company can identify how that resource became part of the DDoS chain and remediate that. It would take time to perform forensics and identify how that system became part of that DDoS chain and remediate it, which means the company’s system would not be accessible to the users for a longer period of time if the company doesn’t have a sufficient backup plan. Phishing email also plays a bigger role within this DDoS attack, as to make any system or network part of the bot the attacker sends a phishing email to the users, and when the user clicks on the link within the email, the malware is executed within their system, which then makes that system part of that bot network.
Christopher Clayton says
Distributed denial of service (DDoS) attacks are a subordinate of denial of service (DoS) attacks that involve multiple connected online devices (aka botnets) which are used to overpower a target website with phony traffic. In the case of spam and spear phishing, spam would be more of a threat to an organization’s network due to the fact that it is sent out in bulk to a large number of people, whereas spear phishing is more specific and targeted for only one person to respond. That information would be sold on the black market or used for identity theft or fraud. The scammer in spear phishing may utilize a public platform such as social media and use a fake email for only that person. In some cases spear phishing may impersonate a person that the victim knows (a family member, friend, or even an employer).
Vraj Patel says
Hey Christopher,
I completely agree that spam would be sending out a bulk of traffic to a large number of people. However, spear phishing can also be sent to multiple users at the same time, so I would consider that both are threats that have a similar criticality level.
Ryan Trapp says
Hi Vraj,
I would say that spear phishing could be sent to multiple users at once, but it is more likely it is targeted. Usually with spear it is hyper focused and requires much more reconnaissance, which equates to time and effort, to pull off. Although I would also argue that when spear phishing is successful, its impact is more likely to be severe as opposed to spam phishing.
Christopher Clayton says
Good point Vraj. Whether it be one person or a large number of people, both spam and spear phishing are malicious, manipulative acts that, unless prevented with the assistance of good security practices (encryption, multi-factor authentication, strong passwords, etc.), leave victims providing phishers easy access to their personal information.
Bryan Garrahan says
A DDoS attack attempts to disrupt the typical traffic of a server, service or network by overwhelming it or its surrounding infrastructure with a flood of Internet traffic. In the example used, a DDoS bot could potentially only need to compromise one computing resource in order to successfully penetrate a network. I believe spam would be the better of the two options as it requires less reconnaissance and can cover a larger volume of targets than a spear phishing campaign. A spear phishing attack should be deployed in situations where an attacker is trying to compromise a certain asset owned by a specific person in an organization with escalated privileges, such as a system or business administrator.
Corey Arana says
Bryan,
I do agree with you that spam phishing is the bigger threat, and it appears our classmates think the same. Do you think that spear phishing could actually be the bigger threat?
Bryan Garrahan says
In terms of a DDoS attack I don’t believe so. However, I think a spear phishing campaign would be better utilized in a targeted attack against a user with escalated privileges to a highly confidential or valued resource.
Ornella Rhyne says
Hi Bryan,
I agree with you that Spam phishing is bigger than Spear phishing as it targets a large number of recipients. Spear can be minimized or will not really happen if there is adequate training and awareness. Do you know how Spam phishing can be addressed? Is there training or other methods that the organization can take to avoid it?
Victoria Zak says
Bryan,
Although spam and spear phishing are both similar, I agree spam phishing is a bigger threat than spear phishing. Although spear phishing is targeted to an individual or several to only get one piece of information, spam phishing can impact a lot more and may have access to not only one document, but many more. Like any phishing attack, this can ruin a business’s reputation.
Ryan Trapp says
If we are examining the context of being attacked by a potential DDoS or having a company’s resources become part of a botnet to carry out DDoS attacks, then spam phishing would be a bigger threat to the company’s network and computer resources. With spam phishing, the attacker can cast a wider net and target many of the users at the company. Spear phishing is too narrowly focused on certain individuals at the company, usually being the executives. Also, given that the spam phishing approach can be reused for any individuals, it becomes a much more efficient approach. Spear phishing by nature is hyper targeted, which requires more time and effort in crafting the attack.
The goal of DDoS attacks is to get as many computers attacking the target as possible. This will lead to the DDoS having a higher probability of being successful. Given this, it makes more sense for an attacker to use a spam phishing approach rather than a spear phishing approach.
Miray Bolukbasi says
DDoS — Distributed Denial of Service attack is the “attempt to crash a web server or online system by overwhelming it with data”. By overwhelming the server or network with too much traffic, hackers can bring down the service. The traffic includes messages, requests for connections or fake packets.
Even though both spam and spear phishing relate to clicking on a malicious link or attachment, the primary difference is the target of the attack. Spear phishing is designed to get a single recipient to respond, whereas spam is sent to very large numbers of recipients.
In “Computer and Information Security”, Vacca explains the Botnet particularly that is attacking network addresses and infects vulnerable computers. I believe spam would be more successful to attack since the goal is to infect as many parts of the computer as possible. Spear is more designed for a specific target, and if the training and awareness are in place, the victim might not fall for the social engineering tactic. However, with spam phishing, the probability of someone falling for the malicious link or attachment is higher, which makes it a bigger threat for the organization.
Ornella Rhyne says
Hi Miray,
I like your post, and the fact that you took a sentence or citation from Vacca to emphasize your point of view is very good. Spear and Spam phishing are both threats to an organization’s network, but Spam phishing is very bad as it targets a large number of recipients like you said, and it’s time consuming to take care of it. Organizations must be prepared to avoid this issue from happening by putting in an email filter and all types of protection they need to secure the network.
Ornella Rhyne says
DDoS stands for Distributed Denial of Service, and it’s a method where hackers flood a network with so much traffic that it cannot operate or communicate as it normally would. Out of the two I would say spam phishing because it targets a large number of recipients, while spear is only designed for one recipient to respond.
Spear phishing could be manageable by adequate training understandable to users who know how to recognize and avoid clicking on spear phishing. While Spam phishing would be a little difficult to manage because of the number of recipients that are targeted. It’s irritating and time consuming, so I would say that an organization can take adequate measures to avoid this incident as much as possible.
Michael Galdo says
In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
In the context of being attacked by a DDoS, I would say that spam phishing is a bigger threat to an organization’s network and computer resources. Spear phishing involves targeting specific individuals in an attempt to gain confidential information on a company, whereas spam phishing involves planned attacks on a large amount of employees with the hope that at least one person takes the bait and reveals confidential information on the company. Spam phishing is the bigger threat in my opinion because the odds of a successful attack are higher. On top of there being more chances for the attacker to successfully get into a network, there’s also the openness that multiple pieces of information can be gained based on the range of access different users have.
Michael Duffy says
I would say spam phishing poses a much bigger threat to an organization’s network and computer resources. If the adversary is localizing a botnet to attack an organization, they are likely playing a numbers game. Heavy bombardment, as thousands of emails overwhelm an organization’s systems, would end up causing issues with their servers and might even force the server to implement safeguards that cause emails to be delayed. This means the organization would have a much more strenuous time dealing with the problem internally and communicating between programs like Outlook. It also poses the threat that only one person has to overlook spam emails accidentally and send over information an attacker leverages. In an organization filled with thousands of people, the probability of at least one person accidentally clicking on a link is extremely high.
Spear phishing would not make sense in this case since it only targets specific individuals or groups within an organization. Arguably you wouldn’t even need a botnet to launch this type of attack, and it would be a waste of time and resources for an attacker.
Michael Galdo says
Hi Michael,
I agree with you in that spam phishing is a bigger threat to an organization’s network and computer resources. With spam phishing being a larger attack on a group of employees, rather than attacking certain individuals, which is the concept of spear phishing, the odds of a successful attack through spam phishing are much higher. The time spent dealing with a spam phishing attack is larger and more tedious than a spear phishing attack, and there are multiple chances of gaining additional information through attacks on different employees rather than one individual specifically.
Joshua Moses says
Spear phishing would be a greater threat than spam phishing. Spam goes out to a bunch of end users, and it is easier to spot. Spear phishing is more convincing because it targets a specific person, or specific people. In a spear phishing attack, the attacker gathers information from the target’s Facebook, LinkedIn, or other resources, and creates an email claiming to be someone you know and likely trust. The goal is to convince the user enough to click the link or attachment in the email that will infect the target’s system.
A similar attack to spear phishing is called whaling. These attacks target big fish in the organization, such as the CEO or CFO. They are targeted because they assuredly have access to some very sensitive data.
Dhaval Patel says
Hi Joshua,
I get the reasoning behind spear phishing, and really both methods pose threats, but I went with spam phishing for the main reason that you can target more people and have a greater chance of a successful DDoS attack. Yes, with spear-phishing you can get more information about an individual, but if that individual has received proper information security training then it is less likely they will fall prey to the spear-phishing attack.
Ryan Trapp says
Hi Dhaval,
I agree with how you’ve explained it here. Spear phishing, in the right context, could potentially be the more impactful of the two types of phishing approaches. However, in the context of a DDoS attack, it makes sense that the method that targets as many machines as possible would be the most effective approach.
Andrew Nguyen says
Hi Joshua,
I like the points you brought up when mentioning the threat that a spear phishing attempt poses to an organization.
I’m curious what information an attacker takes into account when they decide to use either spam/spear phishing attempts. If their goal is to simply gain access, then they would probably pick spam phishing; but if their goal is to gain access to specific information that may only be available to select individuals, then spear phishing may suit them better.
Thanks for sharing your thoughts!
Best,
Andrew
Joshua Moses says
Hello Dhaval and Ryan,
After reading both of your responses, you have brought some clarity on what the question was actually asking. I understand now, and I agree that it is more likely to reach more end users with a spam phishing attack. Spear phishing is more time consuming, and it isn’t likely that the hacker is going to go through the trouble of making a unique email for each target. With a DDoS attack, the hackers would want to reach as many people as possible, so I see why they would go with spam vs spear. Thanks for putting things into perspective for me!
Victoria Zak says
Joshua,
Unfortunately, I disagree with your post. I can understand the other side, where spear phishing would be a greater threat than spam phishing. With spear phishing, cyber criminals can take advantage and look at an individual who is associated with the organization and act like personnel. Cyber criminals can gain this information from social media via Facebook or LinkedIn. However, I believe spam phishing is more effective since it triggers the entire organization.
Olayinka Lucas says
A significant consequence of a distributed denial of service (DDoS) attack is network inaccessibility. When an entity suffers a DDoS attack, the organization’s ability to successfully carry out its essential processes is undermined because it is the victim; however, if the company is a resource, it becomes part of the components of the DDoS attack. Therefore, being a resource to a DDoS attack is not as consequential as being the victim of a DDoS attack.
Spear phishing is a more substantial threat than spam phishing for one fundamental reason. Spam goes out to several end-users, and it is easier to spot. Spear phishing goes to specific targets.
Madalyn Stiverson says
Hi Olayinka,
I agree that spam phishing is the more common consequence of DDoS attacks.
Adding on to your point about spear phishing being a more substantial threat… It’s very easy for hackers to gain information about high level employees in the company. Usually, the chief officers have their names and images posted on the company’s website. This makes it easy for the hacker to guess the email address (e.g., first_last@company.com). The hacker can also find specific information on these individuals via social media. For example, if they noticed via LinkedIn said individual typically attends certain industry events, they could send a spear phishing email about that industry event to that individual.
Antonio Cozza says
In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
In general, spear phishing could potentially have a bigger risk as it probably results in an overall higher success rate than normal phishing. Having enough information on a target to craft a targeted phishing attack could potentially bring more damage if the organization is overall well trained against spam phishing. However, just by sheer numbers, an attacker has far greater chances and has to do much less work with spam phishing. Specifically in the context of a DDoS, spam phishing seems more concerning as the goal is to harvest as much bandwidth as possible from remote machines to execute the attack and effectively deny service and crash load balancers, so more chances at success might mean more machines added to the botnet pending attack launch. It seems somewhat impractical that in the context of a DDoS attack spear phishing would be used without extensive knowledge that the target might be able to gain access to many other machines if the spear phishing attack were to be successful. As an attacker seeking to accrue a botnet for my DDoS attack, I would likely go with spam phishing if I had to choose one method. If the DDoS is successful by either, the network and computer resources will be consumed.
Richard Hertz says
I agree with your final statement – the end result can be the same: a compromised end point. The measure is really akin to ROI (effort invested vs outcome). Spam costs less to administer, but success rates are significantly lower than Spam. How much Spam do I need to generate per successful Bot created vs how many points do I need to Phish to generate a Bot endpoint? But I agree with your assessment – the end result is the same: a compromised endpoint that results in network and computer resources being consumed in a DDOS attack.
Madalyn Stiverson says
Spam phishing is much more common, so I would say that’s the biggest threat. However, Spear phishing occurs when the organization is specifically targeted and the email or even phone call uses the names and lingo common to that organization. The person could name drop the CFO or CISO to pressure an employee into providing sensitive information or providing access to the systems. Therefore, Spear phishing attempts are more difficult to recognize compared to Spam phishing.
However, I think in the context of malware that creates a network of bots to participate in DDoS attacks, Spam phishing is the more common cause. In Spear phishing, they typically target money transfers or ransomware. Also, the time it would take the hacker to spear phish enough computers and companies to execute a DDoS attack is very high. It’s much less effort to spam phish everyone and every company you can get an email address for.
Lauren Deinhardt says
Hi Madalyn, great response. You are correct in that spear phishing is meant to target a specific individual, which can target the CIA preservation of a company. However, the mass production of spam phishing really pushes this to be a tactic perfect for creating botnets.
Antonio Cozza says
I agree Madalyn,
It is not really feasible or common under the context of a DDoS attack from a botnet for an attacker to perform a spear phishing attack in most cases. I think the only exception would be where the attacker has gained some inside knowledge that the spear phishing target’s machine in question is able to control other machines on the network. If there is a large network where this scenario occurs, it might be possible, but overall spam phishing is definitely a more common occurrence and would likely lead to a larger botnet faster with less time and effort applied by the attacker.
Joshua Moses says
Hello Madalyn,
You have provided a great explanation for both spam phishing and spear phishing. I liked how you mentioned that spear phishing is not easily recognized. I also responded to this question by saying spear phishing emails are more convincing. However, you were accurate in saying spam phishing is the common cause of compromising machines and turning them into bots which partake in DDoS attacks. Good job, and very insightful answer!
Victoria Zak says
Madalyn,
You made great points about both spam and spear phishing. Spear phishing is not really recognized, like you said. As I conduct an audit, many companies focus more on spam phishing and take spam phishing very seriously, for example with trainings.
However, companies should have training on spear phishing because it can always happen to an organization as much as any other threat.
Lauren Deinhardt says
In reviewing factors that compose both spam phishing and spear phishing, I conclude that spam phishing tactics pose a much larger threat in preventing distributed denial of service (DDoS) attacks. Although both methods do end up in a user potentially losing control of their machines to a botnet, spam phishing can impact large amounts of users over a short amount of time; meanwhile, spear phishing is specifically engineered to impact a unique individual. The quick, mass deployment of spam phishing attacks will assist attackers in creating a large group of devices to comprise a botnet, which can be used in enabling a DDoS attack at a higher rate than spear phishing would.
Michael Duffy says
Definitely Spam Phishing is the correct answer. Especially if the goal is a DDOS attack and not necessarily an attempt to scam credentials or money from the organization. And plus I’d argue that it would be a waste of a botnet for an attacker to utilize against certain individuals. At the end of the day they’re playing a numbers game.
Wilmer Monsalve says
While spear phishing requires reconnaissance and targeting of an individual or group, one may have the same or even more effects with spam phishing for the masses. This is due to the fact that it is a numbers game at the end of it all; if low-level accounts can be compromised, it can then move up the chain and spread within an organization instead of just targeting a specific target. This is all scenario based as well, but generally the most effective of the two is spam.
Bryan Garrahan says
Thanks for sharing Wilmer. Spear Phishing would be better suited if the goal were to actually compromise or gain access to a machine or resource. I don’t believe there is a way to perform a DDoS attack via spear phishing.
Dhaval Patel says
If we look at this from the perspective of a successful DDOS attack then spam phishing might be the most efficient. With spam phishing, you have the ability to target multiple individuals within one organization whereas with spear-phishing you are specifically targeting one individual. Now, this is not to say spear phishing isn’t an effective method, but statistically, you have a greater chance of performing a DDOS attack when reaching a large number of individuals rather than just one person.
Jason Burwell says
Hello Dhaval,
I agree with your point about spam phishing being able to target multiple people.
Dan Xu says
Spear phishing poses an even greater threat to an organization’s network and computer resources when it is attacked by a distributed denial of service (DDoS) or inadvertently becomes a resource for one. Both phishing and spear phishing are common forms of email attacks that have in common the ability to get people who receive the email to click on a malicious link or attachment, but they have different impacts. Phishing emails are sent to a large number of recipients at random, with the expectation that only a small percentage will respond. For example, an email from a well-known courier company asks the recipient to enter specific personal information and then the personal information is trafficked to the marketplace.
Spear phishing emails are carefully designed. Fake emails are tailored to the recipient with the goal of getting a single recipient to respond so that their information can be stolen. Because of the growth of the contemporary internet and the increased use of social media, spear phishing email victims are becoming more and more common. For example, users can use the Barracuda Sentinel service, which uses artificial intelligence for real-time spear phishing and cyber fraud defense.
zijian ou says
I also believe spear phishing is a more significant threat because of its highly targeted nature, making spear phishing more dangerous than traditional phishing. The familiar tone and content of spear phishing messages make them more difficult for the average user to detect, thus increasing the threat level of phishing attacks.
Richard Hertz says
In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
Spear Phishing is a much bigger threat, because it is very targeted at your organization. It means that someone has identified you as a target and that means the attack is purposeful and not just an ad hoc or indiscriminate effort. If you have been targeted then there are likely specific outcomes that the perpetrators are after and they likely have more significant assets behind their efforts. They will aggressively go after those targets and will likely have a higher probability of success.
Once they have penetrated an organization the next line of defense is to prevent lateral movement – I believe that most organizations still have an over-reliance on perimeter defense (weaker inner defenses) and therefore once inside the perpetrators can move quite freely to compromise other end points – convert them to be part of a Bot network for D-DOS attacks.
Bernard Antwi says
@Richard, I agree with you on spear being the bigger threat. Many times, government-sponsored hackers and hacktivists are behind these attacks. Cybercriminals do the same with the intention to resell confidential data to governments and private companies. These cybercriminals employ individually designed approaches and social engineering techniques to effectively personalize messages and websites.
zijian ou says
The significant difference between spear phishing and spam phishing is how cybercriminals conduct their malicious activities.
Spear phishing is targeted and personalized to a specific individual, group, or organization. In contrast, conventional phishing emails use many methods, including sending mass emails to many unsuspecting contacts. These phishing emails are typically produced quickly and often contain no personal information about the recipient.
Due to its highly targeted nature, spear phishing can be more dangerous than traditional phishing. The familiar tone and content of spear phishing messages make them more difficult for the average user to detect, thereby increasing the threat level of such phishing attacks. Therefore, I believe spear-phishing poses a more significant threat.
Michael Jordan says
Zijian,
I agree with you that the way spear phishing attempts are realistic and calculated, combined with the fact that their goal is very specific and targeted to an individual or organization, makes them a more significant threat in many situations. I think that in deciding which phishing method is a larger threat to an organization, the industry and potential exposures of the organization must be taken into account.
In general, overall, I think it would be hard to say which method of phishing is more harmful to organizations as a whole. I say this because of how widespread and easy spam phishing is. But, if I was the head of a tech company, I would certainly be more afraid of spear phishing.
-Mike
Jason Burwell says
Question 3: In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?
Another tough one as they both are threats and can be very problematic. In the case of this question I am going to go with Spam Phishing as the bigger threat. Spam phishing casts a larger net with less effort, and because I see it every day working in the field and see just how many people get tripped up on it.
Alexander William Knoll says
While I personally think spear phishing is a bigger threat in the context of DDoS, I definitely see your point in the context of spam phishing. I also work in an organization that has a constant barrage of spam phishing, and it is so crazy to me that people proceed to fall for these weak attempts on an almost daily basis, despite constant awareness training by management.
Alexander William Knoll says
A distributed denial of service (DDoS) is a malicious attack committed on an organization which aims to target a server, service or network and overwhelm said target with an excess flood of internet traffic. With that being said, while both spam phishing and spear phishing are a threat, I would say spear phishing poses a bigger threat to an organization in the context of DDoS. The reason I say this is because spear phishing targets individuals rather than focusing on a mass delivery method. It also has the potential to be far more dangerous as it is purposely and carefully directed to an organization/individual as opposed to being randomly generated spam.
Miray Bolukbasi says
Hi Alexander,
I personally thought that spam phishing would be a bigger threat for the organization since the possibility of someone becoming a victim is higher. However, now that I read your post it makes me think that the specific targeted attacks might be more dangerous since they are more developed and prepared instead of a random one sent out to a giant population.
Alexander William Knoll says
Miray,
I definitely agree with your point as well. After reading other people’s comments I’ve kind of switched my opinion on the matter. I guess that either way you look at it they’re both dangerous in their own ways, it just kind of depends what one personally considers to be the bigger threat.
Bernard Antwi says
I would say spear phishing because emails are carefully designed to get a single recipient to respond. Criminals select an individual target within an organization, using social media and other public information to craft a fake email tailored for that person. An email arrives, apparently from a trustworthy source, but instead it leads the unknowing recipient to a bogus website full of malware. These emails often use clever tactics to get victims’ attention. For example, share online that you will be traveling to Chicago soon, and you might get an email from a colleague (apparently), saying “Hey, while you’re in Chicago you’ve got to eat at Joe’s Grill, check out their menu.”
Michael Jordan says
I think that when deciding whether spam phishing or spear phishing is a bigger threat to an organization, it is critical to take into account the industry the business is in and the education level of its employees in the aspect of information security. For example, spear phishing is a much bigger threat to an IT or cybersecurity company, whereas spam phishing is a bigger threat to non-technical companies.
In general, I would say that spam phishing is the bigger threat because of the scope of the targeting. It could take a lot of time and resources to identify the right target and method of attack for a spear phishing attack, but it does not require as much effort to phish to a large number of individuals if only one has to bite.
Michael Jordan says
On second thought, I change my opinion on this topic.
I think spear phishing is a bigger threat because spear phishing attempts are only getting more sophisticated over time, have a higher chance of success, usually reap more benefits for cyber criminals, and because spear phishing has the potential to trick even the most educated employees if it is done well enough.
A main factor in what caused me to change my opinion is the article I summarized for this week’s in-the-news discussion.
Victoria Zak says
In the contexts of being attacked by or unwillingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: spam phishing or spear phishing?
Spam phishing is a bigger threat to an organization’s network and computer resources than spear phishing. Spear phishing is targeting an individual or several employees with a goal of receiving a piece of confidential information for fraud. For example, a cybercriminal can look up information of that targeted individual on social media such as LinkedIn or Facebook. The cyber criminals can make an email look like it came from a following colleague, requesting a wire transfer or even signing an agreement. However, email filters can stop large scale phishing emails that contain known phishing URLs.
Spam phishing is a lot more common than spear phishing. Spam phishing is done to an organization, rather than just one individual. Once an employee clicks the spam, the attacker can get into the business’s network. They can have access to anything in the network since they have access, such as account, organization, and customer information. Any leak of the information will ruin that company’s reputation.
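The post above notes that email filters can stop large-scale phishing mail that carries known phishing URLs. The following is an added example, not code from this discussion thread or from any product, that shows the mechanism in a minimal form: a URL blocklist check with host normalization, plus a bulk-campaign count. It also illustrates the caveat running through the thread: the mass campaign reusing a known bad domain is blocked, while the one-off tailored message (borrowing the "Joe's Grill" scenario from an earlier comment) uses a never-seen domain and passes the blocklist untouched. All domains, addresses and messages are constructed for the example.

```python
"""Added example: URL-blocklist mail filter plus a bulk-campaign signal.
Not from the thread or any product; every domain and message is constructed."""

import re
from collections import Counter
from urllib.parse import urlparse

# Constructed blocklist. A real deployment would populate this from a
# threat-intelligence feed rather than hard-code it.
KNOWN_PHISHING_DOMAINS = {
    "courier-parcel-verify.example",
    "secure-login-reset.example",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(body):
    """Return every http(s) URL found in a message body."""
    return URL_RE.findall(body)


def normalize_host(url):
    """Lower-case the host and drop the port and a leading 'www.', so a
    variant such as 'WWW.Bad.example:8080' still hits the entry 'bad.example'."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(message):
    """'block' if any URL host, or a parent domain of it, is blocklisted; else 'pass'."""
    for url in extract_urls(message["body"]):
        parts = normalize_host(url).split(".")
        # Check the host and each parent suffix so sub.bad.example matches bad.example.
        for i in range(len(parts) - 1):
            if ".".join(parts[i:]) in KNOWN_PHISHING_DOMAINS:
                return "block"
    return "pass"


def bulk_campaigns(messages, threshold=3):
    """Count identical (subject, first URL host) pairs across the mail stream.
    Mass spam phishing repeats the pair; a tailored spear-phish appears once."""
    keys = []
    for m in messages:
        urls = extract_urls(m["body"])
        keys.append((m["subject"], normalize_host(urls[0]) if urls else ""))
    return {k: n for k, n in Counter(keys).items() if n >= threshold}


# Constructed sample mail stream: three copies of a mass campaign on a known
# bad domain, one benign internal message, and one tailored message whose
# domain is not on the blocklist.
SAMPLE_MESSAGES = [
    {"to": "user%d@corp.example" % i,
     "subject": "Your parcel could not be delivered",
     "body": "Confirm your details at http://WWW.courier-parcel-verify.example/track"}
    for i in range(3)
] + [
    {"to": "alice@corp.example", "subject": "Q3 budget",
     "body": "Draft attached; see https://intranet.corp.example/finance"},
    {"to": "cfo@corp.example", "subject": "Re: Chicago trip",
     "body": "Joe's Grill menu here: https://joes-grill-menu.example/menu"},
]


def run_filter(messages):
    """Return (number blocked, number passed, campaigns flagged by repetition)."""
    verdicts = [classify(m) for m in messages]
    return verdicts.count("block"), verdicts.count("pass"), bulk_campaigns(messages)


if __name__ == "__main__":
    print(run_filter(SAMPLE_MESSAGES))
```

The blocklist stops all three copies of the mass campaign and the repetition counter flags it as a campaign even before any domain is known bad; the tailored message to the CFO passes both checks, which is exactly the gap that user awareness and stricter sender verification have to cover.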