Certified Ethical Hacker (CEH v11) — Question 366
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components.
What is the attack technique used by Stephen to damage the industrial systems?
Answer options
- A. HMI-based attack
- B. SMishing attack
- C. Reconnaissance attack
- D. Spear-phishing attack
Correct answer: D
Explanation
The correct answer is D, spear-phishing attack: a targeted phishing attempt directed at individuals within an organization, which matches Stephen's method of sending a fraudulent email to specific employees. The other options are incorrect because HMI-based attacks focus on human-machine interfaces, SMishing involves SMS messages rather than emails, and reconnaissance attacks are preliminary steps to gather information rather than direct attacks.