Security Awareness Service
Phishing attacks are on the rise. In Q3 2015 Kaspersky Lab's Anti-Phishing system was triggered 36,300,537 times, an increase of some 6,000,000 on Q2 2015.
Many cyber criminals now use targeted phishing as their preferred method of attack because it is relatively easy to deploy and has a high expected success rate.
Whilst most users are now aware of obvious phishing emails, the threat landscape is changing, with attackers using more sophisticated and better targeted techniques.
Ransomware is usually deployed as a Trojan masquerading as a normal file that is downloaded intentionally or unintentionally by the user. Upon execution, the ransomware begins encrypting the files on the infected device and typically displays a message informing the victim that their files can only be decrypted if a ransom is paid to the attackers.
More complex ransomware is designed to harvest information before encrypting the infected endpoint. A ransomware attack that takes an entire network down and causes business disruption can start with a single infected computer.
247infoSec has developed the Security Awareness Service to help you reduce the risk of such an attack.
Step 1 - Recon
The first step in an attack is reconnaissance. During this phase 247InfoSec emulates the steps of real-life attackers to identify the target base for an attack.
Using the same tools and techniques as an attacker, we shall attempt to identify email addresses, user passwords, and personal and corporate information for use in the later stages of the engagement.
Stages of Reconnaissance
Discovery of corporate email addresses in the public domain
Discovery of corporate passwords linked to the above in the public domain
Discovery of social media accounts registered using corporate email addresses
Discovery of social media accounts mentioning employment at or referring to the College
Utilising Google "dorks" in order to identify key users
Discovery of accounts and passwords leaked via pastebin and other sources
Discovery of documents, blogs and other web based posts relating to the College
Step 2 - Preparing and Executing an Attack
The second step of the attack is preparing and executing it. Using the information found during the reconnaissance phase, we shall look to build a targeted attack.
Scenario 1 – Bogus Email and Survey
In this scenario we would look to compromise users using a bogus email. There are various ways this attack could work, dependent on the information discovered during the reconnaissance phase. For example, we could pose as your Head of HR. We would attempt the following.
1. Register a look-alike domain such as barnsley-ac.uk
2. Create an email address for HR using the Barnsley College email structure found in step one
3. Select one or more users as targets
4. Build an email asking for the targets to provide info for their personnel file
5. Embed a link to a survey
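Steps 1 and 2 of this scenario, together with the email-address discovery of the reconnaissance phase, can be worked through in code. The script below is an added example, not 247infoSec's tooling and not part of the original page: it infers an organisation's email naming convention from a constructed set of (name, address) pairs of the kind reconnaissance yields, generates the look-alike domains an attacker would check for availability (including the dot-to-hyphen variant used above), builds the impersonated HR sender in the inferred format, and provides the matching defensive check. All names, addresses and the domain example.ac.uk are hypothetical.

```python
"""Recon-to-pretext helper (added example, not 247infoSec's code).

Infers an organisation's email naming convention from addresses and names
found in the public domain, generates the look-alike domains an attacker
would try to register, builds the spoofed sender, and offers the defensive
check. Every name, address and domain below is a constructed sample.
"""
from collections import Counter

# Constructed recon output: (first name, last name, address) triples, as they
# would be assembled from scraped addresses plus social-media profiles.
KNOWN_PAIRS = [
    ("Jane", "Smith", "jane.smith@example.ac.uk"),
    ("Tom", "Jones", "tom.jones@example.ac.uk"),
    ("Anita", "Patel", "a.patel@example.ac.uk"),     # outlier, older format
    ("Priya", "Kumar", "priya.kumar@example.ac.uk"),
]

# Candidate naming conventions, expressed as templates over (first, last).
PATTERNS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "f.last":     lambda f, l: f"{f[0]}.{l}",
    "flast":      lambda f, l: f"{f[0]}{l}",
    "firstlast":  lambda f, l: f"{f}{l}",
    "first_last": lambda f, l: f"{f}_{l}",
    "last.first": lambda f, l: f"{l}.{f}",
}

# Visually similar substitutions commonly used in look-alike registrations.
HOMOGLYPHS = {"l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"],
              "a": ["4"], "s": ["5"], "m": ["rn"]}
ALT_SUFFIXES = ["com", "org", "net", "co.uk", "uk"]


def infer_email_format(pairs):
    """Vote for the convention each (name, address) pair matches.
    Returns (winning pattern, votes for it, number of pairs)."""
    votes = Counter()
    for first, last, address in pairs:
        local = address.lower().partition("@")[0]
        for name, template in PATTERNS.items():
            if template(first.lower(), last.lower()) == local:
                votes[name] += 1
    if not votes:
        return None, 0, len(pairs)
    pattern, count = votes.most_common(1)[0]
    return pattern, count, len(pairs)


def build_address(first, last, pattern, domain):
    """Apply an inferred convention to a name: the address an attacker sends
    as, or a defender's guess at which address will be spoofed."""
    return f"{PATTERNS[pattern](first.lower(), last.lower())}@{domain}"


def lookalike_domains(domain):
    """Cheap variants of a legitimate domain that read as the real thing."""
    labels = domain.lower().split(".")
    head, sfx = labels[0], ".".join(labels[1:])
    out = set()
    # Collapse a dot into a hyphen: example.ac.uk -> example-ac.uk
    for i in range(1, len(labels) - 1):
        out.add("-".join(labels[: i + 1]) + "." + ".".join(labels[i + 1:]))
    # Swap the public suffix: example.ac.uk -> example.co.uk, example.com, ...
    for alt in ALT_SUFFIXES:
        if alt != sfx:
            out.add(f"{head}.{alt}")
    # Edit the registrable label: homoglyph, omission, duplication, transposition
    for i, ch in enumerate(head):
        for glyph in HOMOGLYPHS.get(ch, []):
            out.add(f"{head[:i]}{glyph}{head[i + 1:]}.{sfx}")
        out.add(f"{head[:i]}{head[i + 1:]}.{sfx}")            # omission
        out.add(f"{head[:i]}{ch}{ch}{head[i + 1:]}.{sfx}")    # duplication
        if i + 1 < len(head):                                   # transposition
            out.add(f"{head[:i]}{head[i + 1]}{ch}{head[i + 2:]}.{sfx}")
    out.discard(domain.lower())
    return sorted(out)


def is_lookalike(sender_domain, legit_domain):
    """Defensive check: flag a sender domain that is a generated variant."""
    return sender_domain.lower() in set(lookalike_domains(legit_domain))


if __name__ == "__main__":
    pattern, hits, total = infer_email_format(KNOWN_PAIRS)
    print(f"convention: {pattern} ({hits}/{total} addresses match)")
    for fake in lookalike_domains("example.ac.uk")[:8]:
        print("lookalike:", fake)
    # Head of HR's name as it would be taken from a (constructed) profile
    print("pretext sender:", build_address("Sarah", "Brown", pattern, "example-ac.uk"))
    print("gateway flags example-ac.uk:", is_lookalike("example-ac.uk", "example.ac.uk"))
```

The same generator serves the defender: run it against your own domain, register or monitor the high-value variants, and feed is_lookalike into mail-gateway rules so that a sender on example-ac.uk is flagged before a user ever sees the survey link.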
Once testing is complete, a comprehensive report will be provided detailing:
Corporate email addresses discovered in the public domain
Corporate passwords linked to the above in the public domain
Social media accounts registered using corporate email addresses
Social media accounts mentioning employment at or referring to the Company
Key Users identified
Accounts and passwords leaked to the Internet
Documents, blogs and other web based posts relating to the Company
Information related to user click-through (as provided in your free PAS report)