Trustwave Microphisher Tool Mimics Spear-Phishing Attacks
Trustwave researchers at the Black Hat conference built a new tool to help use online activity to craft messages that could lead to exploitation.LAS VEGAS—Phishing is about to get a whole lot more personal, thanks to ethical hackers at Trustwave. A new tool that is being released at the Black Hat security conference by security researchers from Trustwave aims to improve social engineering attacks with more targeted and convincing spear-phishing messages. The tool uses online activity as a digital fingerprint to create a better spear phisher. Spear-phishing messages are highly targeted, socially engineered attacks designed to trick a user into thinking that a message that is a fraud is in fact legitimate. Trustwave security consultants Joaquim Espinhara and Ulisses Albuquerque, built their tool to help users improve IT security. The goal of the Microphisher tool is to help craft messages that are similar in appearance, style and language usage to a given person of interest, Espinhara told eWEEEK. The general idea is to be able to write and send a message to the spear-phishing target that looks as though it legitimately came from a known contact, he said.
The Microphisher tool is being released under the GPLv3 open-source license via the social coding Website GitHub. The first release starts with the initial concept and provides a reference implementation, Espinhara said.