Threat Feed
Phishing
The Executive Wire Scam
Phishing attacks have been with us for many years. This sub-type of spam involves sending a mass of emails with a generic message that often seeks money. A narrower form of attack that resurfaces from time to time is related to phishing but is known as 'spear phishing'. Spear phishing works by emailing a select group of people with a message crafted for them, on a subject germane to the recipient. For instance, a person working in an accounting department would be targeted with a fake email that appears to relate to finance, and would feel compelled to read it.
The latest email scam combines a spear phishing attack with social engineering for effect. In the blend currently in use, the attackers complete reconnaissance of the business, acquiring the domain name and identifying persons in the accounting and finance departments, and use social engineering techniques to obtain the specific names of the staff members responsible for initiating and approving wires. Much of the needed information can often be obtained by social engineers trawling social media sites where people thoughtlessly post their PII (Personally Identifiable Information).
Armed with this knowledge, the attacker sends a directly worded email, appearing to come from the CEO, to the person responsible for wiring funds, instructing them to wire money to a bank, generally located in Hong Kong or China, for an invoice or some other plausible purpose. The "CEO" may add that they are exceptionally busy and that the wire must be processed soon. The telltale signs are a familiar executive display name over an external or lookalike sender domain, a Reply-To that differs from the From address, and pressure to skip the normal approval step.
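The indicators just described can be checked mechanically at the mail gateway. The following is an added example written for this article, not code from the original post or from any product. It assumes a hypothetical company domain (example.com), a hypothetical executive roster, and two constructed sample messages; it flags display-name spoofing, a lookalike sender domain, a Reply-To that diverges from the From domain, and wire-plus-urgency wording.

```python
import re
from email.utils import parseaddr

# Hypothetical company domain and executive roster (assumed values, not from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}          # display names an attacker would imitate

# Language typical of the scam: payment instructions plus pressure to act quickly.
WIRE_TERMS = re.compile(r"\b(wire|transfer|invoice|payment|urgent|asap|busy|confidential)\b", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(msg: dict) -> list:
    """msg has 'from', 'subject', 'body' and optionally 'reply_to'. Returns finding tags."""
    findings = []
    name, addr = parseaddr(msg["from"])
    sender_domain = domain_of(addr)

    # 1. Familiar executive display name, but the address is not on the company's domain.
    if name.strip().lower() in EXECUTIVE_NAMES and sender_domain != COMPANY_DOMAIN:
        findings.append("display-name-spoof")

    # 2. Sender domain is a near miss of the real one (registered by the attacker after recon).
    if sender_domain != COMPANY_DOMAIN and 0 < levenshtein(sender_domain, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike-domain")

    # 3. Replies are silently routed to a domain other than the one shown in From.
    _, reply_addr = parseaddr(msg.get("reply_to", ""))
    if reply_addr and domain_of(reply_addr) != sender_domain:
        findings.append("reply-to-mismatch")

    # 4. Two or more distinct wire/urgency terms across subject and body.
    terms = {t.lower() for t in WIRE_TERMS.findall(msg["subject"] + " " + msg["body"])}
    if len(terms) >= 2:
        findings.append("wire-urgency-language")
    return findings


# Constructed sample messages (not real mail; .invalid is a reserved TLD).
SAMPLE_SCAM = {
    "from": "Jane Doe <jane.doe@examp1e.com>",
    "reply_to": "jane.doe@webmail.invalid",
    "subject": "Urgent request",
    "body": "I am exceptionally busy today. Please process the wire for the attached "
            "invoice as soon as possible and confirm once done.",
}
SAMPLE_LEGIT = {
    "from": "Jane Doe <jane.doe@example.com>",
    "subject": "Friday lunch",
    "body": "Are we still on for Friday?",
}

if __name__ == "__main__":
    for label, m in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(label, analyze(m) or "no findings")
```

A single finding is rarely enough to block a message; the scam stands out because several of these fire together, and the wire-language rule on its own would match plenty of legitimate finance traffic.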
DDoS
CCTV Breach
CCTV has become common in businesses, both retail and office. It is also being seen more in consumer homes, as residents want to monitor the premises, inside and out, while they are away. Attackers, however, have found a way to compromise these devices and use them for DDoS attacks. Recently one such operation was analyzed, in which the attackers focused their efforts on a small jewelry shop. At the height of the attack, the shop's website received 50,000 HTTP requests per second, aimed at the application layer (layer 7). An attack at this level generally shuts out all other traffic intended for the website, since the website of a small retail establishment can typically handle perhaps a few hundred or a few thousand requests per second. All of this traffic came from CCTV devices. Given the volume of requests, a number of botnets were involved. This was possible because these devices have poor security, and a portion of them, from various vendors, share the same hard-coded root password.
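A layer 7 flood of this kind shows up first in the web server's access log, as a jump in requests per second spread across many source addresses. The following is an added example written for this article, not code from the original post or from the analysis it describes. It parses Common Log Format lines, buckets them per second, flags seconds above a threshold the site could plausibly serve, and reports whether the load came from many sources (a botnet, which per-IP blocking will not stop) or a few. The log lines, the 200 requests-per-second threshold, and the timestamps are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: client ip, ident, user, [timestamp], "request", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')


def parse_line(line: str):
    """Return the fields we need, or None for a line that is not in CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status = m.groups()
    return {
        "ip": ip,
        "second": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
        "request": request,
        "status": int(status),
    }


def analyze(lines, rps_threshold=200, distributed_min_sources=50):
    """Bucket requests per wall-clock second; flag seconds above the threshold the
    site can serve, and note whether the load is spread over many addresses."""
    per_second = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_second[rec["second"]] += 1
        sources[rec["second"]][rec["ip"]] += 1

    alerts = []
    for sec in sorted(per_second):
        n = per_second[sec]
        if n > rps_threshold:
            src = sources[sec]
            alerts.append({
                "second": sec.isoformat(),
                "rps": n,
                "distinct_sources": len(src),
                "distributed": len(src) >= distributed_min_sources,
                "top_sources": src.most_common(3),
            })
    peak = max(per_second.values(), default=0)
    return peak, alerts


def build_sample():
    """Constructed log: ten seconds of light legitimate traffic from 192.0.2.0/24,
    plus a 600-request burst in second 5 spread over 120 addresses in 198.51.100.0/24
    (both are documentation/test ranges, not real clients)."""
    tmpl = '{ip} - - [10/Oct/2016:12:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "-"'
    lines = []
    for sec in range(10):
        for k in range(3):
            lines.append(tmpl.format(ip=f"192.0.2.{k + 1}", sec=sec))
    for i in range(600):
        lines.append(tmpl.format(ip=f"198.51.100.{i % 120 + 1}", sec=5))
    return lines


if __name__ == "__main__":
    peak, alerts = analyze(build_sample())
    print("peak rps:", peak)
    for a in alerts:
        print(a)
```

In the constructed sample each bot sends only five requests in the flood second, which is why the "distributed" flag matters: no single address looks abusive, so mitigation has to happen at the aggregate level (rate limiting or upstream filtering) rather than by blocking individual IPs.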
Ransomware
Ransomware continues to be an issue. This year the medical industry has been a significant target; the latest example is the hospital in Hollywood, which ended up paying the ransom for the key. Police stations have also been victims and have paid for the key in order to regain access to their data. One of the latest high-visibility victims is the NASCAR team Circle Sport-Leavine Family Racing (CSLFR). Days before the team planned to take a car out for testing, a computer that happened to hold mission-critical information began to act strangely: random files appeared, among other oddities. The crew chief clicked on one of the files, and the next time he tried to open another file, every file was encrypted. The critical files held years of data. The crew ended up paying $500 in bitcoin for the key to decrypt the files. Stressful as this was, it is a reminder that files from unknown sources should not simply be clicked on, and that the only dependable way out is a recent backup kept where the malware cannot reach it.
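The sequence in the CSLFR case, unfamiliar files appearing and then every document becoming unreadable, is what an endpoint check for mass encryption looks for. The following is an added example written for this article, not code from the original post or from any vendor. It works on an in-memory snapshot of a folder (constructed here, so it runs offline) and flags three things: a canary file whose hash no longer matches its baseline, documents whose content has the near-8-bits-per-byte entropy of ciphertext, and documents renamed with a foreign extension. The file names, the canary baseline, and the ".locked" extension are assumptions for the example.

```python
import hashlib
import math
import random
from collections import Counter

DOC_EXTENSIONS = {".txt", ".csv", ".xlsx", ".docx", ".pdf"}
HIGH_ENTROPY = 7.5   # bits per byte; encrypted or compressed data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Plaintext documents score roughly 4 to 5; ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_ext(path: str):
    """Return (stem, last extension) with the extension lower-cased;
    'a.csv.locked' -> ('a.csv', '.locked'), 'notes' -> ('notes', '')."""
    i = path.rfind(".")
    return (path, "") if i <= 0 else (path[:i], path[i:].lower())


def scan(snapshot: dict, canary_path: str, canary_sha256: str) -> dict:
    """snapshot maps path -> bytes. Flags a changed or missing canary, documents that
    look encrypted, and documents renamed with an unknown extension."""
    flagged = {}
    canary = snapshot.get(canary_path)
    if canary is None or hashlib.sha256(canary).hexdigest() != canary_sha256:
        flagged.setdefault(canary_path, []).append("canary-changed")

    documents = 0
    for path, data in snapshot.items():
        stem, ext = split_ext(path)
        _, inner_ext = split_ext(stem)
        if ext in DOC_EXTENSIONS:
            documents += 1
            if shannon_entropy(data) > HIGH_ENTROPY:
                flagged.setdefault(path, []).append("high-entropy-document")
        elif inner_ext in DOC_EXTENSIONS:          # e.g. report.xlsx.locked
            documents += 1
            flagged.setdefault(path, []).append("renamed-document")

    flagged_docs = [p for p, r in flagged.items() if any(x != "canary-changed" for x in r)]
    likely = "canary-changed" in flagged.get(canary_path, []) or len(flagged_docs) >= 2
    return {"flagged": flagged, "documents": documents, "ransomware_likely": likely}


# Hypothetical baseline hash recorded when the canary file was planted.
CANARY_BASELINE = hashlib.sha256(b"canary v1 - do not edit\n").hexdigest()


def build_snapshot():
    """Constructed folder state after an infection: seeded pseudo-random bytes stand in
    for ciphertext. Nothing here is taken from the incident described above."""
    rng = random.Random(7)

    def noise(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    return {
        "notes.txt": b"Setup notes for the test session: tire pressures, gear ratios.\n" * 40,
        "canary.txt": noise(4096),              # overwritten, no longer matches the baseline
        "telemetry.xlsx": noise(4096),          # document body replaced by ciphertext
        "setup_data.csv.locked": noise(4096),   # '.locked' is a hypothetical extension
    }


if __name__ == "__main__":
    result = scan(build_snapshot(), "canary.txt", CANARY_BASELINE)
    for path, reasons in result["flagged"].items():
        print(path, reasons)
    print("ransomware likely:", result["ransomware_likely"])
```

The canary check is the cheapest of the three and needs no tuning; the entropy rule can misfire on files that are already compressed (zip, most image formats), which is why the example only applies it to document extensions.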