• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.701 ■ Fall 2024 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project
  • Zoom link

Question 3

October 23, 2024 by David Lanter 30 Comments

In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: Spam phishing or Spear phishing?

Filed Under: Unit 10: Network Security Tagged With:

Reader Interactions

Comments

  1. James Nyamokoh says

    October 24, 2024 at 2:07 pm

    In the context of DDoS attacks, spear phishing poses a greater threat than spam phishing. Spear phishing is more targeted and sophisticated, often aimed at high-value individuals or systems within an organization. By compromising key accounts, attackers could gain privileged access to critical infrastructure, allowing them to use the organization’s resources for launching large-scale DDoS attacks or disrupting services.

    Spam phishing is more indiscriminate and generally less effective in breaching specific, high-value targets. While it could still result in compromised resources, the potential for spear phishing to facilitate a large-scale breach makes it the greater risk for becoming an unwitting resource in a DDoS scenario.

    Log in to Reply
    • Christopher Williams says

      October 25, 2024 at 4:04 pm

      I agree, spear phishing is definitely the bigger threat when it comes to DDoS attacks. Spear phishing is targeted and personalized, it’s more likely to successfully trick important individuals into giving up access to their accounts. Once attackers have access to these key accounts, they can use the organization’s systems to support a large-scale DDoS attack or even disrupt services within the company. While spam phishing can still cause security issues, it’s usually less targeted and less likely to reach high-level accounts. Spear phishing’s ability to cause a more serious breach makes it the bigger risk.

      Log in to Reply
  2. Christopher Williams says

    October 25, 2024 at 4:02 pm

    Spear phishing is a bigger threat to an organization’s network and computer resources in the context of DDoS attacks. Unlike spam phishing, which targets users with generic messages, spear phishing is highly targeted and aimed at specific individuals within the organization. This targeting often includes personalized details, making it more convincing and increasing the likelihood of successful attacks.
    A successful spear phishing attack can give attackers access to privileged accounts, allowing them to compromise systems and use the organization’s resources to launch DDoS attacks. In comparison, spam phishing is generally less effective, as it relies on high-volume, low-success tactics without the specific targeting that spear phishing employs.

    Log in to Reply
    • Nelson Ezeatuegwu says

      October 25, 2024 at 10:37 pm

      Hey Chris
      the good thing thing is that most organization are responding with a targeted security education training and awareness to the high value individuals who are victim to spear phishing attacks.

      Log in to Reply
  3. Nelson Ezeatuegwu says

    October 25, 2024 at 10:32 pm

    Phishing uses malicious email messages, text messages and voice calls to trick people into sharing sensitive data while spear phishing is a targeted phishing sent to highly valuable individuals based on research, crafted to appear to come from a sender who has relationship to the recipient. In the context of DDoS Spear phishing is a bigger threat to organization’s network because a successful spear phishing targeted at an individual with elevated privilege account can provide the attacker with access to a compromised system in a network allowing the attackers to use the system as a base to carry out a large volume of DDoS attacks. Spear phishing is much rarer than phishing attacks but they pursues much larger valuable rewards. When successful has a much larger impact than bulk phishing scams.

    Log in to Reply
    • Tache Johnson says

      October 26, 2024 at 3:20 pm

      Great explanation, Nelson! I like how you highlighted the targeted nature of spear phishing and its higher impact than general phishing attacks. Given the increased sophistication of spear phishing attacks, what additional strategies or training do you think organizations should implement to help high value individuals recognize and avoid these targeted threats? Like advanced security training or enhanced authentication and access controls.

      Log in to Reply
      • Nelson Ezeatuegwu says

        October 26, 2024 at 8:20 pm

        Hi Tache
        To protect against spear phishing, it is essential for organizations to implement a range of best practices like multifactor authentication, advanced or targeted employee training and awareness programs as you mentioned. also, conducting phishing simulations, implementing fundamental email security protocols, and using advanced email threat detection and response tools are included in the best practices.

        Log in to Reply
      • Gbolahan Afolabi says

        October 28, 2024 at 12:36 pm

        Hello Tache,

        I believe both countermeasures would be optimal. In addition to heightened security mechanisms, adequate training and awareness should be disseminated so that these high-value targets understand the role they play in safeguarding critical infrastructure and why certain technical controls are in place so they do not try to circumvent them.

        Log in to Reply
  4. Tache Johnson says

    October 26, 2024 at 3:12 pm

    Distributed Denial of Service (DDoS) attacks are more likely to target an organization’s network and computer resources with spear phishing than with spam phishing. Spear phishing uses individualized and persuasive communications, sometimes with malicious links or files, to target certain people inside an organization. If these attacks are successful, credentials may be compromised, or internal systems may be accessed without authorization. Attackers might then utilize this access to install malware or take control of critical systems, transforming them into DDoS attack resources without the organization’s awareness.

    On the other hand, spam phishing involves broad, generic attacks targeting many people, making it less precise. While spam phishing can still be harmful, its lack of specificity usually results in lower success rates and less targeted impact. Spear phishing, due to its tailored approach, is more likely to deceive key personnel with higher access privileges. Spear phishing presents a higher risk due to its targeted nature and potential to directly compromise key systems within the organization.

    Log in to Reply
    • Nelson Ezeatuegwu says

      October 26, 2024 at 8:28 pm

      I agree with your point, valuable individuals in organizations usually have accounts with elevated privileges, if a spear phishing is successful, the threat actor can have access to a compromised system and use the system as a launchpad to carry out high volume of DDoS attack.

      Log in to Reply
  5. Ericberto Mariscal says

    October 26, 2024 at 6:49 pm

    While both spam and spear phishing are threats to an organization’s network and computer resources, I would say spear phishing is the bigger threat in the context of a DDoS attack.

    Spam phishing is a broader approach which involves sending mall emails to a large number of recipients, it has a lower success rate since the spam email is not personalized which would raise questions. Whereas spear phishing would involve a highly targeted attack aimed at a specific individual. Attackers gather information about their target and can create convincing and personalized messages. Because these emails are tailored to the recipient, they are more likely to have a higher success rate in deceiving the target. The target is usually someone with valuable credentials as well, so the ROI on the attack is higher compared to spam phishing.

    Log in to Reply
    • Andrea Baum says

      October 26, 2024 at 8:36 pm

      You’ve made an excellent point about the heightened threat of spear phishing, especially in the context of DDoS attacks. Its targeted approach not only raises the chances of successful deception but also presents serious risks when valuable credentials are compromised, highlighting the importance of organizations prioritizing awareness and training to combat these threats.

      Log in to Reply
  6. Andrea Baum says

    October 26, 2024 at 7:30 pm

    Spear phishing poses a greater threat to an organization’s network regarding DDoS attacks because it targets specific individuals with persuasive, customized messages. This method increases the chances of key personnel unknowingly introducing malware, like botnets, into the network. Once infected, the organization’s systems can be used in DDoS attacks, consuming bandwidth and impacting performance, whereas spam phishing is generally easier to detect and less targeted.

    Log in to Reply
    • James Nyamokoh says

      October 26, 2024 at 9:53 pm

      Hi Andrea,

      I agree that spear phishing poses a significant threat by targeting specific individuals and increasing the likelihood of malware introduction, which can facilitate DDoS attacks. However, it is also crucial to consider the broader implications of user training and awareness as preventative measures against both spear phishing and DDoS threats. Organizations should invest in comprehensive cybersecurity training programs that empower employees to recognize and respond to phishing attempts effectively. Additionally, implementing advanced detection mechanisms can help mitigate these risks.Great post.

      Log in to Reply
  7. Neel Patel says

    October 27, 2024 at 12:13 pm

    Spear phishing poses a bigger threat than spam phishing for DDoS attacks because it is highly targeted and can gain direct access to privileged accounts within an organization. If successful, it can result in greater control over resources, which can then be leveraged in coordinated DDoS attacks, compromising network integrity and availability.
    Spear phishing is more dangerous because it targets specific employees, like an executive leader, with convincing emails to gain privileged access. This is typically the profile of a victim since they would have access to confidential information and data. If the executive unknowingly provides their login credentials, the attacker could use the organization’s servers in a botnet for DDoS attacks. This misuse of resources can slow operations, compromise network integrity, and damage the organization’s reputation. Ultimately, this makes spear phishing the greater threat.

    Log in to Reply
  8. Vincenzo Macolino says

    October 27, 2024 at 1:13 pm

    Spear phishing presents a larger risk for DDoS attacks because they are specifically targeted at individuals of an organization. Usually spear phishing attacks are targets at high ranking employes and are personalized, they have a higher chance of success compared to spam phishing. Spam phishing is still a threat, but is not as personalized and distributed broadly which lowers the threat to PII. Spear phishing is dangerous in terms of a DDoS threat because it usually aims at employees who have access to PII and network infrastructure. If an attacker is able to gain access to network infrastructure through a spear phishing attack it could result in DDoS attacks and degrade network performance.

    Log in to Reply
  9. Cyrena Haynes says

    October 27, 2024 at 1:36 pm

    Between spam phishing and spear phishing, spear phishing poses a significantly greater threat to an organization’s network and computer resources, especially regarding Distributed Denial of Service (DDoS) attacks. Unlike spam phishing, which targets a broad audience, spear phishing is highly targeted, often focusing on specific individuals in an organization with privileged access. These emails are carefully customized, making them harder to detect with traditional security tools. If successful, spear phishing grants attackers’ deeper access to network resources, potentially compromising critical systems and sensitive credentials. With this access, attackers can install malware, co-opting the network and creating repeated vulnerabilities. This increases the risk that an employee will inadvertently allow attackers into sensitive areas of the network, from which they can initiate internal or external attacks, including DDoS.

    Log in to Reply
  10. Benjamin Rooks says

    October 27, 2024 at 4:33 pm

    Spear Phishing would be much more likely to be a threat here. Specifically because if a low-access user is phished then it would presumably not cause a massive breach. If a specific user, one with higher levels of access is targeted for a spear phish however then their compromised credentials would be able to be used for lateral movement across the company and would be able to cause much more damage.

    Log in to Reply
    • Neel Patel says

      October 29, 2024 at 10:55 am

      Hi Benjamin! I agree with your post. If a high-profile executive is targeted, it can lead to a massive breach, compromising an organization’s data. We saw this in the first Case Study with the Dean of the University. If a professor’s laptop were to be stolen, it would be less severe compared to the Dean’s. Was this strategic? I think so.

      Log in to Reply
      • Ericberto Mariscal says

        October 29, 2024 at 6:35 pm

        Hi Neel,

        I think this is a great example for this question, the offender would assume someone high profile like the dean would have access to a lot more on their laptop than a professor for sure. I would have to agree in saying the dean was targeted.

        Log in to Reply
      • Benjamin Rooks says

        October 29, 2024 at 7:34 pm

        Yeah, like if a student or just a normal professor was breached then it would have been an issue but the scale would have been significantly diminished. I definitely think that if I was attacking in this day in age I would focus my efforts on specific targets.

        Log in to Reply
  11. Aisha Ings says

    October 27, 2024 at 6:51 pm

    This is a tricky one, and I guess it really depends on who is targeted and what the attacker hopes to achieve. With spam phishing, you can target multiple individuals within an organization, while spear phishing focuses on a single individual. Spear phishing is highly effective and more likely to succeed in gaining access to critical systems and privileged users. However, spam phishing offers a greater chance of enabling a DDoS attack by reaching a larger number of individuals, increasing the likelihood that some employees will fall victim. While spear phishing can cause more damage, spam phishing may have a wider reach for enabling such attacks.

    Log in to Reply
    • Dawn Foreman says

      October 28, 2024 at 11:06 am

      I agree that they are both cause for concern in an organization but I think with the proper security awareness training, spear phishing causes a greater threat. While spam phishing reaches a broader group of people, I think they are less likely to fall into the attack. By personalizing the message and specifically focusing on individuals, employees are more likey to be vulnerable.

      Log in to Reply
      • Aisha Ings says

        October 28, 2024 at 10:13 pm

        Hi Dawn,

        I get your point of view as well, but in the end, both types of attacks require thorough defense strategies since each can be dangerous depending on what the attacker aims to achieve.

        Log in to Reply
  12. Brittany Pomish says

    October 27, 2024 at 8:12 pm

    In the context of DDoS attacks, spear phishing poses a bigger threat to an organization’s network and computer resources compared to spam phishing. Spear phishing is highly targeted and personalized, making it very difficult to detect. These attackers are very convincing, and in turn, very successful. It can lead to compromising access to critical systems and resources.

    I was recently at an audit conference, and one of the speakers presented on a spear phishing attack that involved AI deep fakes. In the attack, an employee was invited to a Zoom call with a C-Suite individual and believed they were talking to the individual; however, it was an AI deep fake. It was a successful attack, as it was very convincing and personalized.

    Log in to Reply
    • Vincenzo Macolino says

      October 28, 2024 at 6:18 pm

      Brittany, I agree with you that spear phishing poses a bigger threat to an organizations network. I like the example you gave about how you were able to see an attacker you AI deep fakes to successful attack on employee of an organization. This brings up a great topic on the way hackers are evolving and what we are going to be able to do in terms of trying to combat spear phishing as it continues to get more advanced.

      Log in to Reply
    • Ericberto Mariscal says

      October 29, 2024 at 6:42 pm

      Hi Brittany,

      I actually just experienced an AI deep fake recently, a friend’s instagram account was hacked, and the scammer uploaded a video of my friend with a voiceover thanking another account for turning $200 into $5,000 dollars, the video looked so real. Great post!

      Log in to Reply
  13. Gbolahan Afolabi says

    October 28, 2024 at 12:12 am

    In the contexts of being attacked by or unwittingly becoming a resource for distributed denial of service (DDoS), spear phishing poses a bigger threat to an organization’s network and computer resources because it is a form of social engineering targeted at an individual or an organization. Due to its nature, a spear-phishing attack is formulated to trick an individual who has restricted access or authority to information systems. Attackers employing this attack often spend a lot of time and resources on social engineering techniques meant to impersonate or fool otherwise more knowledgeable individuals.

    If a spear phishing attack is successful and threat actors are able to install malware on an organization’s network, they may be able to locate and attack information systems crucial to an organization’s operations. Alternatively, they may use malware to organize information systems (which are often powerful) into subnets to attack other targets.

    Log in to Reply
  14. Dawn Foreman says

    October 28, 2024 at 11:02 am

    Spear phishing is the bigger threat in the context of a DDoS attack. Spam and spear phishing are both threats to an organization’s network and computer resources that casue concern. However, .spam phishing is a broad approach at attacking an organization that involves sending mall emails to a large number of individuals. There is no personalization so with the proper security awareness traning, personnel shoudl be able to identify the phishing attempt. It does work sometimes but the success rate is lower compared to spear phsihing which is a more targeted attack. With spear phishing, attackers gather information about their target and create personalized messages.

    Log in to Reply
    • Cyrena Haynes says

      October 28, 2024 at 6:59 pm

      You bring up a great point about the increased risk of spear phishing. Unlike spam phishing, which casts a wide net with generic messages, spear phishing is highly targeted, making it harder for even well-trained personnel to recognize. Spear phishing not only threatens network security but can also lead to compromised accounts, which may allow attackers to execute DDoS attacks or gain access to other critical resources. This makes it essential for organizations to prioritize both technical defenses and continuous security training focused on recognizing these personalized threats.

      Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (1)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (2)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in