Phishing Attacks
摘要
A common attack vector for initial access to a target network is a phishing attack. In these types of attacks, a threat actor tries to convince a user on the target network to visit a website or open a document, usually with the purpose of getting the target to provide confidential information or run a piece of malware. The MITRE ATT&CK framework categorizes these as a type of initial access attack, of type T1566. They include sub-techniques for spearfishing, using either attachments, links, services, or voice as the mechanism to convince the target to provide access. Spearphishing is a type of phishing that targets a smaller number of important targets in an organization.