phishing Blog Terms - Attivo Networks

phishing

Attivo traps cyber criminals

IoT devices as bait and faked network environments: With its ThreatDefend platform, Attivo Networks is ahead in the defense against cyber criminals. This is intended to quickly identify and contain threats, reduce the length of time attackers stay in the network and reduce the risk of large-scale damage. The well-known cat-and-mouse game between security officers …


valentine

Valentine Risks – Ode to Elizabeth Barrett Browning

Written by: Chris Roberts – Chief Security Strategist. We think of the Internet as our friend, we use it for social activities, to keep in contact with friends and family scattered across the globe. We use it to help others, to be helped by friends and strangers alike…so when someone sends us something our first instinct is to click it to open it…and that’s the point we lose. We lose our bank accounts; we lose our identity, our taxes and our life.

A New Olympic Sport we can’t Take our Eyes Off of: Competitive Cyber Hacking

By: Mackenzie Blaisdell

The Olympics have always set the stage for much more than just athletic competition. Millions of people worldwide tune in to The Games to be spectators of diplomacy, culture, drama, and sometimes even propaganda. What is relatively new to the show’s program, however, is the rise of criminal and state-sponsored hacking.

The Olympics are a major target for hackers, as billions of dollars run through this event biennially. South Korea has even allocated $1.3 million for cybersecurity protection for the Olympics, mobilizing tens of thousands of security personnel, including cybersecurity analysts and 50,000 soldiers, in what has been described as one of the most militarized security forces in Olympic history to foil hacking attempts.[1]

If the Games’ cybersecurity infrastructure proves to be inadequate, a lot is at risk. Successful cyberattacks could potentially facilitate terrorism, ransomware or kidnappings. They open up the possibility to change scoring systems or alter the photo and video replay equipment. A successful hack could mean tampering with athlete care, food dispensing systems, or the infiltration of monitoring equipment; it would open up the possibility to tamper with entry systems or even interfere with transportation. All of this could significantly alter betting odds, and competitors’ personal data could be leveraged for fraud.

The Games host hundreds of thousands of smartphones, cameras, computers, tablets, routers and vehicles, all needing to connect to a small number of easily identifiable networks. This prompts a large volume of web address lookups, or DNS queries, in a short period of time, creating countless opportunities for malware and viruses to infiltrate.

Although the phenomenon of state-sponsored hacking leading up to the Olympics is relatively new, we have seen this before. In August of 2016, the World Anti-Doping Agency was successfully hacked, and their data was publicly leaked in a campaign widely attributed to Russian hackers.[2] That campaign took the stage amid the 2016 Summer Olympics after it became known that Russian competitors participated in a widespread, systemic and government-backed doping scheme. As a result, the country was banned from the 2018 Winter Games.

Hackers, from elementary ticket scammers to professional cyber-spies, have been preparing for the 2018 Winter Games, which commence on February 9 and run through the 25th in Pyeongchang. More than 300 Olympics-related computer systems have already been hit, with many of them compromised.[3] Some cyber-criminals have already begun to disrupt the Olympics in the name of cyber jihad or the Korean amalgamation. Others are merely looking to tamper with TV programs, hijack email accounts, or scalp phony tickets for profit.

Earlier this year, an influx of phishing attacks aimed at stealing passwords and financial information raised alerts worldwide; McAfee detected a sweeping campaign that began in late December against Olympic-linked groups.

All of these groups were targeted through malicious emails containing what appeared to be a Microsoft Word attachment. The emails were made to appear legitimate through the use of fake government aliases.[4] The emails were crafted to look like they came from South Korea’s National Counter-Terrorism Centre, which was undergoing anti-terror drills in preparation for the Games.

The implants included in these phishing emails established an encrypted channel to the attacker’s server, most likely providing the attackers with the ability to execute commands on the victims’ machines and to install additional malware.

This was certainly not their last line of attack. McAfee announced on February 2nd that it had found malware that serves as the second-stage payload in the phishing campaign, targeting involved organizations.

Additionally, the Russian hacking group Fancy Bear, or APT28, recently took ownership of leaked emails and documents belonging to the International Luge Federation, claiming they demonstrate violations of anti-doping rules.[5] The group is also known to be responsible for targeting the European Ice Hockey Federation, the International Ski Federation, the International Biathlon Union, and the International Bobsleigh and Skeleton Federation. It is believed that the group may be gearing up for other Olympic-related attacks.[6]

Clearly, cybersecurity is shaping up to be a serious force to be reckoned with when it comes to the Olympics. Whatever the cause of these attacks may be, it is evident that authorities are and should be concerned for the welfare of both businesses and individuals. To prepare for the onslaught, the Department of Homeland Security issued a notice on February 1st alerting travelers to the Olympics that hackers could attempt to steal credentials.[7] Businesses should also take precautions to ensure that their employees are educated on phishing campaigns, keep their systems’ software patched, and handle their credentials with caution.

Despite all precautions, attackers can and will find ways to breach a network, and it becomes a matter of detecting and stopping them before damage can be done. Organizations must be prepared and confident in their early detection of these threats to preserve not only the experience but also the safety of the Olympic athletes, supporting organizations, and attendees.

One thing we can be sure of: We cannot trust these actors to do the right thing in this environment, as they have demonstrated time and time again that they will not hesitate to create chaos or cause harm to personal safety.

[1] https://www.nytimes.com/2018/02/01/world/asia/olympics-north-korea-security.html

[2] https://www.nytimes.com/2016/10/15/sports/us-officials-reassure-athletes-after-new-russian-hack-of-medical-files.html?_r=0

[3] https://www.nytimes.com/2018/02/08/technology/winter-olympics-hackers.html

[4] http://www.scmp.com/news/asia/east-asia/article/2127242/mcafee-hackers-target-pyeongchang-olympics-suspect-emails

[5] http://thehill.com/policy/cybersecurity/370495-russia-linked-group-claims-release-of-hacked-emails-from-international

[6] https://www.cyberscoop.com/fancy-bear-us-senate-winter-olympics-trend-micro-threatconnect/

[7] https://www.us-cert.gov/ncas/current-activity/2018/02/01/Pyeongchang-2018-Staying-Cyber-Safe-during-Olympics


Why you should fear phishing more than data breaches

For some people, Google controls most of their identity online, and losing access to that critical account could be devastating. A recent study from Google and UC Berkeley examined the various ways accounts are compromised, and determined that phishing attacks – not data breaches – pose the most risk to users when it comes to lost access.

Google’s study lasted a year, from March 2016 until March 2017, and looked to better understand how attackers take over accounts. While phishing, keylogging, and data breaches impact everyone, Google focused on themselves as the case study.

International Business Times

Facebook phishing: How to stay safe from new scam that pads URLs with hyphens

The new phishing attempt by hackers targets smartphone owners, most of whom are Facebook users.

If you frequently use Facebook on your smartphone, beware! Researchers have uncovered a new phishing attempt by hackers that targets smartphone owners, most of whom are Facebook users.

Security researchers from PhishLabs say the new tactic relies on the vulnerability that mobile browsers have very narrow URL address bars, which prevents users from viewing the entire contents of a link. Taking advantage of this, hackers are padding URLs with sub-domains and hyphens, which makes links look authentic on mobile devices while in reality redirecting users to dodgy sites.


Flying Under the Radar: How Hackers Use Protection Strategies for Attack

It’s a recurring theme in sports movies, war stories and crime stories alike: In order to defeat the enemy, one must think like the enemy.

This approach has been taken – oftentimes quite successfully – in an array of settings, including the cybersecurity realm. Security researchers are constantly working to pinpoint and better understand the techniques used by hackers in an effort to create targeted protections for specific threats. What many don’t realize, however, is that there’s a similar trend growing on the other side of the fence.

Similar to their white hat counterparts, malicious hackers are always looking to advance their capabilities. Instead of leveraging known system vulnerabilities, though, some attackers are now seeking to use the very protection measures organizations deploy to block malicious activity against them.

The Google Phishing Outbreak and 5 Tips to Avoid Being Hooked

Yesterday, a huge outbreak of phishing emails was discovered around 11:30 PT when an unknown organization sent out emails saying that someone from the recipient’s contacts list shared a Google document with them. A Google spokesperson said that the company has disabled the accounts where the hack originated. The attack affected approximately 1 million accounts, and hopefully none of your employees were one of them. Here is what Google put out late last night:
