Certified Ethical Hacker (CEH v12) — Question 287
Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components.
What is the attack technique used by Stephen to damage the industrial systems?
Answer options
- A. HMI-based attack
- B. SMishing attack
- C. Reconnaissance attack
- D. Spear-phishing attack
Correct answer: D
Explanation
The correct answer is D, Spear-phishing attack, as Stephen specifically crafted a fraudulent email targeting employees, which is characteristic of spear-phishing. Options A and B do not involve the use of email to deceive individuals, and option C refers to gathering information rather than directly attacking systems.