Anatomy of a Data Theft Attack
Sacramento ISACA, January 2016
Mike Landeck, Cyber Security Consultant
Agenda
1. USB Attacks
2. QR Code Attacks
3. Advanced Phishing Attacks
4. Malvertising
5. Watering Hole Attacks
6. How Simple Browser Modifications Would Have Stopped These
7. Name Your Own Adventure (Time Permitting)
DISCLAIMER
• I do not speak on behalf of my employer. The information and perspectives I present are personal and do not represent those of my employer.
• When I say “We have seen” I’m typically referring to the industry in general and not necessarily my current employer or any previous clients.
• While it may look like we’re hacking on the Internet, everything we’re attacking today exists solely on my laptop. No laws are being broken.
Rubber Ducky Downloads
[Screenshot of the public USB Rubber Ducky payload list: OS X and Windows password grabbers, user and root backdoors, reverse shells, local DNS poisoning, WiFi and Chrome password stealers, a fork bomb, a batch wiper and drive eraser, the EICAR antivirus test file, and similar payloads.]
Rubber Ducky Downloads (continued)
Self-inflicted Gunshot Wounds: QR Codes and Millennials
Risk Path for a Data Theft Attack
• Physical Infiltration
• Near-Site Attack
• Remote Cyber Attack, Human Target (“spear phishing”)
• Remote Cyber Attack, Perimeter
Name a Major Breach that DIDN’T Start With One of These
Attack vectors: Watering Hole, Phishing, Malvertising
Threat actors: Organized Crime, Nation States, Hacktivists
Making it Personal: Attacking ISACA
Attacking Sacramento’s ISACA Chapter
Go-time Email Examples - Malware

Email 1
To: vicepresident@isaca-sacramento.org
From: president@isaca-sacramento.org
Subject: Sacramento Chapter Account Discrepancy
Maria- This just came in from ISACA about some missing money. I don’t have David’s address in my phone. Can you please forward this to him ASAP?
Thanks,
Howard
Attached: SacError.pdf
(Please contact Mike for a clean copy.)

Email 2
To: president@isaca-sacramento.org
From: communications@isaca-sacramento.org
Subject: For Web Site
Katheryn- Please post this to the website ASAP as the registration deadline is coming up. It’s the registration form for the CRISC exam. Also, please have David forward it to the membership.
Thanks,
Howard
Attached: June-2016-CRISC-Exam-Registration-Form_frm_Eng_1115.pdf
(Please contact Mike for a clean copy.)
Phishing Email Demo - Malware: Writing and Distributing Malware Using the Social Engineering Toolkit
Phishing Email Demo - Credential Harvesting: Phishing the Webmaster’s Credentials
Go-time Email Examples - Getting the Webmaster’s Credentials
To: webmaster@isaca-sacramento.org
From: communications@isaca-sacramento.org
Subject: Web Site Problems
Katheryn- I think something is broken in the members’ section. Can you take a look at this page?
Thanks,
David
(Please contact Mike for a clean copy.)
How I View the Attack Process and Awareness Training Opportunities
[Diagram. Reconnaissance sources: Social Media, Job Sites, Employee Profiles, Google, LinkedIn, Religion, Organizations, Research Sites, Scanning, Professional Associations, Corporate Web Site, Personal Memberships, Friends/Colleagues, IT Professional Profile, Tech Interests. Questions the attacker answers: Who do you trust? What are you emotional about? Delivery vectors: Phishing & Social Engineering; Exposures from social media data. Training opportunities: Role-Based IT Security Training; Awareness.]
Phishing Emails
Actual Phishing Logins
Exchange.pitt.edu.auth.logon.aspx.bluebird.vn
  Subdomain: Exchange.pitt.edu.auth.logon.aspx
  Domain: bluebird.vn
Images.google.com
  Subdomain: Images
  Domain: google.com
Image credit: University of Pittsburgh, pitt.edu
Phished ISACA Login- Is it or isn’t it?
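The phishing login slide makes one point: the browser trusts whatever comes right before the public suffix, so in Exchange.pitt.edu.auth.logon.aspx.bluebird.vn the real owner is bluebird.vn, not pitt.edu. The check below is an added example (not code from the talk or from ISACA) of how a defender or mail-filter author would automate that reading. It parses a URL, works out the registrable domain from a tiny hand-picked subset of the public suffix list (the subset and all hostnames are constructed for illustration; a real deployment would load the full list from publicsuffix.org), and flags two tricks: a trusted name buried in a subdomain, and a trusted name placed in the user-info part of the URL before an @.

```python
"""Classify login URLs by the domain that was actually registered.

Added example, not from the slides. The suffix set is a constructed
subset of the public suffix list; hostnames in __main__ are constructed.
"""
from urllib.parse import urlsplit

# Constructed subset of public suffixes, longest-match wins ("co.uk" before "uk").
# Production code should load the full public suffix list instead.
PUBLIC_SUFFIXES = {"com", "edu", "org", "vn", "uk", "co.uk", "ac.uk", "com.vn"}


def registrable_domain(hostname: str) -> str:
    """Return the public suffix plus one label, i.e. what the owner registered.

    Scans candidate suffixes from longest to shortest so "example.co.uk"
    yields "example.co.uk" rather than "co.uk".
    """
    labels = hostname.lower().rstrip(".").split(".")
    for n in range(len(labels) - 1, 0, -1):
        suffix = ".".join(labels[-n:])
        if suffix in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    # No known suffix: fall back to the last two labels.
    return ".".join(labels[-2:])


def analyze_login_url(url: str, expected_domain: str) -> dict:
    """Compare the URL's real registrable domain with the brand the user expects."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = parts.hostname or ""            # urlsplit lowercases and strips userinfo
    actual = registrable_domain(host)
    expected = expected_domain.lower()
    return {
        "hostname": host,
        "registrable_domain": actual,
        "matches_expected": actual == expected,
        # Bait name appears in the host, but someone else registered the domain.
        "subdomain_spoof": expected in host and actual != expected,
        # Anything before "@" is credentials, not a hostname: a classic lure.
        "userinfo_trick": parts.username is not None,
    }


if __name__ == "__main__":
    # Constructed sample URLs mirroring the slide's two cases plus the "@" lure.
    samples = [
        ("https://Exchange.pitt.edu.auth.logon.aspx.bluebird.vn/logon.aspx", "pitt.edu"),
        ("https://images.google.com/", "google.com"),
        ("https://exchange.pitt.edu@bluebird.vn/owa", "pitt.edu"),
    ]
    for url, expected in samples:
        result = analyze_login_url(url, expected)
        verdict = "OK" if result["matches_expected"] else "SUSPECT"
        print(f"{verdict:8} {url}\n         -> registered as {result['registrable_domain']}, "
              f"subdomain spoof={result['subdomain_spoof']}, userinfo trick={result['userinfo_trick']}")
```

The design choice worth noting is that the check never looks for bad strings; it only asks which domain the browser will actually connect to and whether that is the one the user believes. That is the same question a user should ask when a login page looks right but the address bar does not.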
Malvertising: Google’s DoubleClick and Yahoo! Ads Have Both Fallen Victim
Malvertising Examples:
1. JavaScript
2. Flash Malware (#1 Attack Vector)
3. Full Server Compromise
Image credit: riskmanagementmonitor.com
Watering Holes: Nation States’ Newest Attack Vector
Watering Hole Example (image credit: http://blog.smartekh.com/)
4 Things You Can Do Right Now to Prevent What I Have Demonstrated
Sign in with a GUEST Account (Not Administrator) Can be downloaded from cybersecology.com/harden-firefox.pdf
Modify Your Settings: Options Can be downloaded from cybersecology.com/harden-firefox.pdf
Modify Your Settings: Add-ons Can be downloaded from cybersecology.com/harden-firefox.pdf
How Well Does This Work?
[Results table; the per-cell marks did not survive extraction.]
Columns: Common Browser Attack Vectors | Hardened Browser Settings | Default Browser Settings | Full AV (Antivirus)
Rows (demo item in parentheses):
• Pseudo-malicious Flash (Adobe Flash)
• Pseudo-malicious JavaScript (JavaScript)
• Infected ISACA PDF (Infected PDF)
• QR Code Sticker (QR Code Sticker, CyberSecOlogy URL)
• Watering Hole Attack (Watering Hole Example)
• Malvertising
Contact Info
@MikeLandeck
www.CyberSecology.com
linkedin.com/in/mikelandeck
MikeLandeckCyberSec@gmail.com
Please provide me feedback by taking the survey at https://www.surveymonkey.com/r/WXFY2CG
Questions