Tag Archive for: infiltrate

Hacking humans: Devious tricks attackers use to infiltrate via employees


When we hear the word “hacking” we typically imagine a hooded bad guy coding in a dark room, using cyber skills to breach technical systems and networks.

But what if we told you that 80-95% of all computer attacks begin with the hacking of a human being? That’s right, hacking human beings (a.k.a. social engineering) is usually “phase one” of any cyberattack. This requires not so much technical skill as a clever understanding of how human nature responds to phishing lures.

What is Social Engineering? 

Social engineering is a technique used by threat actors to trick online users into revealing sensitive information (such as passwords) or convince them to perform an action (such as clicking a link) that ends up compromising an identity, a system or network.

While email phishing is probably the most popular form of social engineering, other forms are also on the rise such as smishing (SMS text phishing), quishing (QR code phishing), BEC (business email compromise), and vishing (voice phishing).

How Do Social Engineering Attacks Work?

Regardless of medium or method (email, voice, text) social engineering attacks are typically executed using the following steps:

1. Conducting Reconnaissance

Just like an investigator who surveys, monitors or observes a potential target (who they meet, where they spend time, where they live, etc.), attackers too will often do background research on their targets.

This includes combing through social media profiles (checking their social media interactions, mentions and connections), learning about their colleagues, friends and family members, obtaining their contact information, and finally using open source intelligence (OSINT) tools to uncover vulnerable and exploitable assets that they can target or operationalize.

2. Designing a Pretext

Just like in the old movie “The Talented Mr. Ripley” where a con artist crafts a fake story to convince everyone that he’s the son of a shipping tycoon, attackers too will create situations or stories to dupe their targets. It can be anything from a discount code to an investment opportunity, from a “verify your email” notification to a notification highlighting…


Hackers Increasingly Infiltrate Software While It’s Still in Development—Before Guard Is Up


Imagine a lauded restaurant that attracts government officials and corporate elite. One day, someone sneaks into the kitchen and puts cyanide into a pot of stock used in its signature dish. The sitting U.S. president happens to be a guest that evening and consumes it. Now, the president is dead.

“That’s kind of what’s happened here, where SolarWinds are the cooks in the kitchen, and somebody has snuck in and put some malicious code into their software as they’re building it. And nobody noticed,” said Dan Draper, technologist and founder of Australia-based cybersecurity and governance platform CipherStash.


Bypassing Security: How Hackers Can Infiltrate Surveillance Cameras


Hikvision and Dahua lead the world in the production of surveillance cameras, but deficiencies have recently been discovered in their security systems.

With the help of a hacker, BBC Panorama conducted an investigation to test the security of these Chinese-made surveillance cameras, with the results being even more grim than we thought.

These two Chinese brands make up the majority of security cameras used in the UK, from houses and privately-owned properties to local councils and government-related establishments.

Demonstrating the Infiltration

BBC Panorama recently ran an investigation regarding the reliability of these Chinese-made surveillance cameras. Through a joint effort with a hacker, BBC set up a darkened studio inside its Broadcasting House in London and acted swiftly. 

The demonstration of how the cameras can be hacked began with an oblivious BBC employee as the unlucky target. Even in the darkened studio, the hacker can see everything he does through the lens of a hijacked security camera.

This includes personal things, such as him entering his phone’s passcode, the interior of his surroundings, and everything he’s typing on the laptop. Every single action the employee takes is seen and monitored by the hacker.


Risks and Caution

UK’s Biometrics and Surveillance Camera Commissioner, Professor Fraser Sampson, warned that the crucial infrastructure in the country, including access to clean food and water, transport networks, and power supplies, is vulnerable.

“All those things rely very heavily on remote surveillance – so if you have an ability to interfere with that, you can create mayhem, cheaply and remotely,” Sampson said.

Charles Parton, a fellow at Royal United Services Institute (RUSI) and a former diplomat who worked in Beijing, seemed to agree and said: “We’ve all seen the Italian Job in our youth, where you bring the whole of Turin to a halt through the traffic light system. Well, that might have been…


Your digital footprints could help hackers infiltrate computer networks


When you use the internet, you leave behind a trail of data, a set of digital footprints. These include your social media activities, web browsing behavior, health information, travel patterns, location maps, information about your mobile device use, photos, audio and video. This data is collected, collated, stored and analyzed by various organizations, from the big social media companies to app makers to data brokers. As you might imagine, your digital footprints put your privacy at risk, but they also affect cybersecurity.

As a cybersecurity researcher, I track the threat posed by digital footprints on cybersecurity. Hackers are able to use personal information gathered online to suss out answers to security challenge questions like “in what city did you meet your spouse?” or to hone phishing attacks by posing as a colleague or work associate. When phishing attacks are successful, they give the attackers access to networks and systems the victims are authorized to use.

Following footprints to better bait

Phishing attacks have doubled from early 2020. The success of phishing attacks depends on how authentic the contents of messages appear to the recipient. All phishing attacks require certain information about the targeted people, and this information can be obtained from their digital footprints.

Hackers can use freely available open source intelligence gathering tools to discover the digital footprints of their targets. An attacker can mine a target’s digital footprints, which can include audio and video, to extract information such as contacts, relationships, profession, career, likes, dislikes, interests, hobbies, travel and frequented locations.


They can then use this information to craft phishing messages that appear more like legitimate messages coming from a trusted source. The attacker can deliver these personalized messages, spear phishing emails, to the victim or pose as the victim and target the victim’s colleagues, friends and family. Spear phishing attacks can fool even those who are trained to recognize phishing…
