Black Hat 2013: Trustwave Releases Spear-Phishing Tool

Sean Michael Kerner,
Phishing emails landscape

Trustwave’s researchers have built a tool designed to help improve security by mimicking highly targeted attacks

A new tool that is being released at the Black Hat security conference in Las Vegas by security researchers from Trustwave aims to improve social engineering attacks with more targeted and convincing spear-phishing messages.

The tool uses online activity as a digital fingerprint to create a better spear phisher. Spear-phishing messages are highly targeted, socially engineered attacks designed to trick a user into thinking that a message that is a fraud is in fact legitimate.

Microphisher

Trustwave security consultants Joaquim Espinhara and Ulisses Albuquerque, built their tool to help users improve IT security.

The goal of the Microphisher tool is to help craft messages that are similar in appearance, style and language usage to a given person of interest, Espinhara told eWEEEK. The general idea is to be able to write and send a message to the spear-phishing target that looks as though it legitimately came from a known contact, he said.

blackhat-conferenceThe Microphisher tool is being released under the GPLv3 open-source licence via the social coding website GitHub. The first release starts with the initial concept and provides a reference implementation, Espinhara said.

The system uses the open-source MongoDB database, Albuquerque said, adding that Microphisher doesn’t normalise the data it pulls in, rather it just ingests the raw data from various online sources, including social media sites.

The tool then helps the security researcher craft a legitimate-looking message using the same language tone and style that the target has been using in their online lives.

Hit and miss

So does it work?

“It has been hit and miss mostly,” Espinhara said. “But we tested it mostly on security guys, so that’s not the best audience, but that’s what we had access to at this point.”

Trustwave provides social-attack engineering services that aim to check the readiness of an organisation, said Espinara, who said he sees Microphisher as a useful tool for penetration testing overall.

“This helps us to produce content that looks legitimate,” Espinhara said.

There are a number of things that users can do to protect themselves against Microphisher and phishing attacks, in general.

Espinhara recommends that people don’t click on random, unknown links, even if the link appears to have come from a known source.

“You can’t realy trust content from someone just because it’s someone you know,” Espinhara said. “You can’t assume that just because it’s a message that looks legitimate, that it came from the right place.”

Are you a security pro? Try our quiz!

Originally published on eWeek.