The thin line between social engineering and a Trojan
Michael Hendrickx
Senior Security Analyst
COMBINED ATTACKS
• Combined attack vectors
Map Organization
Target “Easy” Employees
Extract Meta Information
Target Key Employees
Intelligence Gathering Social Engineering Remote Access
INTELLIGENCE GATHERING
• Forums, social media, blogs reveal connections
• Friends, colleagues, “social network”
Most likely friends / colleagues
SOCIAL ENGINEERING RISING
• Often overlooked problem
• Human = weakest link
• Real world problem
  • 2013-2014: 7.7GB of military information stolen from Syrian opposition members.
  • 12/2014: “Desert Falcons” hacking group stole over 1m files and docs regarding military and political intelligence.
  • 05/2014: 128m eBay user accounts personal data stolen
SOCIAL ENGINEERING TODAY
• Targeted spear phishing attacks
  • Get account credentials
  • Get user information
  • Deliver malware
• Many channels
  • Email
  • Forums
  • Instant Messaging
  • Social Media
RAT CHALLENGES
• “RAT” (Remote Access Tool)
  • Controls computer remotely
  • Hides usually from user
• Challenges for RAT:
  • Communication?
    • Corporate proxy, blacklisted IP addresses, DLP
  • Code execution
    • Anti virus, APT protection, sandboxing, anti debugging
  • Delivery
    • Download .exe? .scr? .apk?
    • Mail attachment limitations
RAT CHALLENGES
• Communication Challenges
  • Automatically use corporate proxy server
  • Fallback to DNS tunneling
  • Encryption
• Executing Challenges:
  • Inject into “whitelisted” process
    • IExplore.exe, RunDLL32, …
  • Self (Weak) Encryption
  • Sandbox detection, Anti Debugging Techniques
  • Simply wait
  • Suspend, don’t stop AV processes
RAT DELIVERY CHALLENGES
• Deliver RAT using MsOffice
  • Use macro to download RAT
  • Hide code within word document, excel spreadsheet, …
    • White text on white background; invisible for users, bottom of spreadsheet, …
• Use macro to execute
Especially if it’s a sensitive/confidential file (bonuses, salaries, …)
RAT DELIVERY CHALLENGES
• Hidden in Office Document
Hexadecimal dump of RAT executable. Copied to file and executed.
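A defender-side triage check for the delivery pattern on these two slides (macro-enabled Office file carrying a hex-dumped executable, possibly as white-on-white text). This is an added example, not code from the presentation; the function names and the sample document are constructed for illustration.

```python
import io
import re
import zipfile

# Text form of a hex-dumped Windows executable: "4D5A" ("MZ") plus a long hex run.
HEX_PE = re.compile(r"4D5A[0-9A-F]{60,}", re.I)
LONG_HEX = re.compile(r"[0-9A-F]{64,}", re.I)
# A Word run whose font colour is white (w:color w:val="FFFFFF").
WHITE_RUN = re.compile(r'<w:r(?: [^>]*)?>(?:(?!</w:r>).)*?<w:color w:val="FFFFFF"/>'
                       r'(?:(?!</w:r>).)*?</w:r>', re.I | re.S)
MARKUP = re.compile(r"<[^>]+>|\s+")


def scan_ooxml(data: bytes) -> dict:
    """Triage one OOXML file (.docm, .xlsm, ...) given as raw bytes."""
    out = {"has_macros": False, "hex_pe_parts": [], "white_hex_parts": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.lower().endswith("vbaproject.bin"):
                out["has_macros"] = True      # compiled VBA project is present
            elif name.lower().endswith(".xml"):
                xml = z.read(name).decode("utf-8", errors="replace")
                # Drop tags and whitespace so a dump split across runs is rejoined.
                if HEX_PE.search(MARKUP.sub("", xml)):
                    out["hex_pe_parts"].append(name)
                # Word only: Excel keeps font colour in styles.xml, not in the cell.
                if any(LONG_HEX.search(MARKUP.sub("", r)) for r in WHITE_RUN.findall(xml)):
                    out["white_hex_parts"].append(name)
    out["suspicious"] = out["has_macros"] and bool(out["hex_pe_parts"])
    return out


def build_sample(with_payload: bool) -> bytes:
    """Constructed test input: a minimal ZIP shaped like a .docm, not a real file."""
    fake_hex = "4D5A" + "90" * 40             # placeholder bytes, not an executable
    body = "<w:r><w:t>Salary review</w:t></w:r>"
    if with_payload:
        body += ('<w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr>'
                 f"<w:t>{fake_hex}</w:t></w:r>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", f"<w:document><w:p>{body}</w:p></w:document>")
        if with_payload:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("constructed malicious", True), ("constructed clean", False)):
        print(label, scan_ooxml(build_sample(flag)))
```

A hit only marks a file for analyst review; legacy binary formats (.doc, .xls) are not ZIP containers and need a different parser.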
CONCLUSION
• Humans still weakest link in security
• Minimize public “footprint”
• Awareness is key
• Social Engineering exercises
• Don’t trust anything sent to you
  • Extends to personal computers, mobile phones, etc.
  • When in doubt, assume the worst
CONTACT US | WWW.HELPAG.COM