A Thousand Words

What do the pictures mean?

In my last post, I mentioned the company blog we started to annotate malicious emails and websites. SharePoint’s basic blog system had access to a set of stock photos. I used these as a mnemonic trick to help employees understand at a glance what type of event this was.

As I make more “Anatomy of a” posts, I’ll continue that here. I’m working with Pexels’ free stock photos, which should keep the original author’s info in the image’s metadata. I don’t know exactly which images I’ll be using yet, but I know what I’ll be looking for. I’ll also come back to this list whenever I find myself repeating certain images.

Meta

Unpacking boxes

Open boxes and unpacking deal with work-in-progress items.

Nuts and bolts are the building blocks of the blog – definitions, any features I implement, and such.

Cyber Actor Goals

A fishing pole sounds like a phishing attack, where the cyber actor is trying to get information from you.

Money changing hands hints at fraud, where the goal is to trick you into giving them money.

A hidden cameraman represents espionage – someone wanting to get in and look around for profitable info.

The fisherman’s toolkit is for items that may not be an attack on their own, but like a bobber, floater, lure, or weight, assist in a phishing attempt.

Methods

The login screen represents a business email compromise, which is often the attackers’ initial goal.

The hooded person at a laptop represents a man-in-the-middle, which is an active con game played after gaining access to someone’s email account.

These simple masks show an impersonation, where the cyber actor uses whatever accounts they have and tries to make them look like someone you know.

A cat staring at his statue would be a copycat domain, where the cyber actor sets up a duplicate domain to trick people.

A present with confetti indicates malware, the gift that keeps on giving. Ask any stage manager about glitter.

The whale breaching the surface represents a news commentary post about data breaches and exposure.
