312-50V11 · Question #956
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An em
The correct answer is A. Spear-phishing attack. Stephen used spear-phishing to deliver malware via a targeted email with a malicious attachment, ultimately compromising industrial systems.
Question
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components. What is the attack technique used by Stephen to damage the industrial systems?
Options
- ASpear-phishing attack
- BSMishing attack
- CReconnaissance attack
- DHMI-based attack
How the community answered
(67 responses)- A73% (49)
- B3% (2)
- C16% (11)
- D7% (5)
Why each option
Stephen used spear-phishing to deliver malware via a targeted email with a malicious attachment, ultimately compromising industrial systems.
Spear-phishing is a targeted phishing attack directed at specific individuals or organizations rather than a broad audience. Stephen crafted a fraudulent email with a malicious attachment aimed at employees of a specific target organization, which is the defining characteristic of spear-phishing. Once opened, the attachment delivered malware that propagated across networked systems to damage industrial automation components.
SMishing (SMS phishing) uses text messages as the attack vector, not email with malicious attachments.
Reconnaissance is an information-gathering phase that precedes an attack and does not involve delivering malware.
An HMI-based attack directly targets the Human-Machine Interface of industrial control systems, whereas Stephen's initial vector was a targeted fraudulent email.
Concept tested: Spear-phishing targeting industrial control systems
Source: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
Topics
Community Discussion
No community discussion yet for this question.