REST ASSURED
A look into a hacker's mind
DIRF, September 2018
www.csis.dk
Agenda
1.00 Trends
2.00 Live hacking
3.00 Case studies
4.00 Recommendations
1.00 Trends
Identity theft: Could this happen to you?
Smaller, more targeted phishing: The phishing kits are more advanced than ever and the IT criminals are fast and effective
CEO and VENDOR fraud: One of the largest financial threats against companies
Smaller, more targeted phishing: Phishing works on all platforms
Smaller, more targeted spear phishing e-mails: Distributing malware such as Trickbot
Ransomware expanding and evolving: Different types of strategies and motivation…
Threat actors becoming more patient, more professional: Malware: Carbanak
More resources required by both organisations and vendors: Russian interference in the US presidential election bears witness to this
Source: CSIS
Data breaches constantly increasing: Have you remembered to change your password recently?
Mobile malware quieter than expected: Most mobile malware is only advanced phishing attacks (overlay attacks)
Darknet: Easy to find, easy to use
© CSIS Security Group A/S, 2018
Increasing DDoS activity: The largest DDoS attack ever seen with Mirai botnet: 1 TB+ traffic
2.00 Live hacking
Find your target: Ex: Company + job description + linkedin
Find e-mail address: E-mails typically follow a syntax
Find e-mail address: Use darknet to check syntax (and compromised passwords)
Find e-mail address: Or use WWW…
Find software you can exploit: Meta data in documents (Maltego)
Adobe PDF Library timeline: Inconsistent patch management
Make your spear phishing e-mail: Is it possible to spoof the e-mail FROM field?
Make your spear phishing e-mail: Now we are ready to make the e-mail
From: [email protected]: [email protected]
Pia Valentin Erichsen
Plesner A/S
Make your spear phishing e-mail: Excel Macro Attack
LIVE DEMO
Avoid Antivirus detection: Google: “antivirus + company name + linkedin”
Avoid Antivirus detection: Encrypt your malware and avoid AV detection
3.00 Case study: Maersk
Maersk case: NotPetya
Step 1: Software update (outside)
- Patient 0 difficult to protect against
Step 2: Auto-spreading (inside network)
- Exploit
- Credential harvesting
Maersk case: Setup
[Diagram labels: Evil hacker, Internet, Security systems, Patient 0, TARGET 2+. Malicious Medoc software update (auto); using Microsoft OS exploit and credential harvesting]
3.00 Case study: Circumvent two-factor authentication
Circumvent two-factor authentication: Citadel, ZeuS, Ramnit, Trickbot, etc.
4.00 Recommendations
© CSIS Security Group A/S, 2015
What can I do / Learn more? Antivirus is not enough!
Company:
- Be aware and prepared: “Not if, but when you get a security incident!”
- Have a documented and tested “Incident response procedure” that is applied for every IOC/IOA
- Keep an alliance with security specialists
- Keep your software up-to-date (Java JRE, Acrobat Reader, Adobe Flash, etc.)
- Use your employees as IDS sensors
Privately:
- Use individual and strong passwords (use a password manager such as Lastpass)
- Learn about cyber security threats and how to protect against them: https://heimdalsecurity.com/
- Use an updated antivirus program
- Use a program to automatically keep your software up-to-date (Java JRE, Acrobat Reader, Adobe Flash, etc.) (use a free tool such as Heimdal Security Agent)