About
RiskPundit

RiskPundit

Opinions about information security from a risk management perspective

Fake YouTube page used to infect soccer fans

11. July 2010 · Comments Off on Fake YouTube page used to infect soccer fans · Categories: blog · Tags: fake web pages, Social Engineering, Zscaler

Zscaler discusses yet another example of blackhats drawing unsuspecting fans to fake web pages containing malware. This time it’s a fake YouTube page designed to attract soccer fans during the World Cup.

I call this type of attack, “inside-out,” in the sense that the attacker draws an insider out to a web-page to initiate the attack rather than using the traditional “outside-in” direct attack method of finding and exploiting a network or application vulnerability. While traditional vulnerability assessments are still important, they do not provide the complete picture of your risks.

This is why we recommend a Next Generation Firewall or a Secure Web Gateway which offers protection from this type of social engineering attack.

HoneyBot – Automated IRC Social Engineering

13. June 2010 · Comments Off on HoneyBot – Automated IRC Social Engineering · Categories: blog · Tags: Social Engineering

IRC-Junkie is reporting that researchers at TU Wien (Vienna University of Technology, Austria) have developed a software program that performs a “man-in-the-middle” attack between IRC users causing them to click on malicious links at a 76% click rate. As opposed to impersonating a user and attempting to perform one side of the conversation, this program sits between two users and simply makes changes to the words and inserts malicious links.

The so called “HoneyBot” is capable of influencing the ongoing conversation by “dropping, inserting, or modifying messages” and the researchers assert that “if links (or questions) are inserted into such a conversation, they will seem to originate from a human user” and therefore the click-probability will be “higher than in artificial conversation approaches”.

It seems to me that the high click rate is due to the lack of knowledge that such an attack is even possible and therefore people are not in the least bit suspicious. If HoneyBots become more prevalent, people will be more on guard.

In any case, approach each link cautiously – hover over the link and inspect the URL that is displayed at the bottom of the browser. If you cannot determine exactly where the URL is going to take you, don’t click on it.

Another thought, how long before we see this type of attack in the wild on Facebook?

Simplistic attacks still work some of the time

12. May 2010 · Comments Off on Simplistic attacks still work some of the time · Categories: Malware, Social Engineering · Tags: Social Engineering

Sunbelt has a detailed blog post of a ridiculously simple and obvious social engineering attack on Facebook users. The good news is that only 0.05% of Facebook users fell for it. The bad news is that the actual number of Facebook users is 191,372. Given the ease of creating these attacks and the rewards to the attackers, they are not going to stop anytime soon.

Phishing emails have become more convincing

21. October 2009 · Comments Off on Phishing emails have become more convincing · Categories: Botnets, Funds Transfer Fraud, Malware, Social Engineering · Tags: botnets, funds transfer fraud, phishing, Social Engineering

The "quality" of phishing emails continues to improve. In other words, the attackers continue to make their phishing emails seem legitimate and thus trick more people into taking the emails' suggested actions. An article in Dark Reading this week discusses research done by F-Secure about new, more convincing, phishing attacks generated by the Zbot botnet which attempts to infect victims with the Zeus trojan. I wrote about how the Zeus trojan is used as a keylogger to steal banking credentials which enable funds transfer fraud.

While one might have considered the Dark Reading article a public relations piece for F-Secure, its validity was increased for me by Rich Mogull at Securosis who wrote about "the first phishig email I almost fell for," i.e. one of these Zbot phishing emails.

If a security person like Rich Mogull, who has the requisite security "paranoia DNA" can almost be fooled, then the phishing attackers are indeed improving their social engineering craft.

Newer articles »

Search:

Tweets by @riskpundit

Recent Posts

Evolution of Network Intrusion Detection
Cybersecurity Architecture in Transition to Address Incident Detection and Response
The evolution of SIEM
Jumping to conclusions about the Target breach
Prioritizing Vulnerability Remediation – CVSS vs. Threat Intelligence

Archives

Tags

Apple application security bank fraud botnets breach breaches C&C cloud security Command & Control compliance Damballa DNS Facebook FireEye Firesheep funds transfer fraud Gartner Google Heartland Payment Systems HIPAA identity theft information technology iPhone IT Security IT Security 2.0 Koobface malware Microsoft next-generation firewall Palo Alto Networks PCI DSS phishing Positive Control Model privacy risk Risk management SANS 20 Critical Controls security security management SIEM Social Engineering social networking Stuxnet Web 2.0 Zeus

Meta

Log in
Entries feed
Comments feed
WordPress.org

© 2024 RiskPundit. All rights reserved.

Design by picomol. Powered by WordPress.