A user received a suspicious email and reported it to the SOC team. After analysis, the team concluded that it was a spear phishing attack. According to the Diamond Model, how is the phishing email categorized?
In the Diamond Model of Intrusion Analysis, a phishing email is categorized under infrastructure. The infrastructure component refers to the physical or logical communication structures used by the adversary to deliver the attack to the victim. This includes elements like email addresses, domains, and IP addresses, which are used in phishing attacks to reach the intended target.
should be A
An adversary must have the required capabilities. The capabilities can be malware and phishing email development skills or, at least, access to capabilities, such as acquiring malware or ransomware as a service.
Capability: What skills do the attackers have to do reconnaissance, deliver their attacks, attack exploits and vulnerabilities, deploy their remote-controlled malware and backdoors, and develop their tools?