Ethical Phishing Case Study



Similar documents
8 Steps For Network Security Protection

STOP THINK CLICK Seven Practices for Safer Computing

Locking down a Hitachi ID Suite server

2012 North Dakota Information Technology Security Audit Vulnerability Assessment and Penetration Testing Summary Report

Countermeasures against Bots

7 PRACTICES FOR SAFER COMPUTING

Basic Security Considerations for and Web Browsing

Instructions for use the VPN at the Warsaw School of Economics

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

Advice about online security

What you need to know to keep your computer safe on the Internet

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

8 Steps for Network Security Protection

Remote Access End User Reference Guide for SHC Portal Access

Malware & Botnets. Botnets

Why The Security You Bought Yesterday, Won t Save You Today

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

How To Set Up Ops Cser.Com (Pros) For A Pc Or Mac) With A Microsoft Powerbook (Proos) (Prosecco) (Powerbook) (Pros) And Powerbook.Com/

Internet Basics. Meg Wempe, Adult Services Librarian ABOUT THIS CLASS. P a g e 1

A Guide to New Features in Propalms OneGate 4.0

Using Voltage Secur

The Devil is Phishing: Rethinking Web Single Sign On Systems Security. Chuan Yue USENIX Workshop on Large Scale Exploits

Basic Computer Security Part 2

Countermeasures against Spyware

Detailed Description about course module wise:

PC Security and Maintenance

Protection from Fraud and Identity Theft

Key Term Quiz Answers

Cybersecurity Best Practices

Introduction Requesting a VPN Account Accessing the Citrix Access Gateway (CAG) Tips and Tricks... 9

Current Threat Scenario and Recent Attack Trends

What Do You Mean My Cloud Data Isn t Secure?

W H IT E P A P E R. Salesforce CRM Security Audit Guide

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR

OIG Fraud Alert Phishing

Sophos UTM. Remote Access via PPTP Configuring Remote Client

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Certified Secure Computer User

2X SecureRemoteDesktop. Version 1.1

SSL Web Proxy. Generally to access an internal web server which is behind a NAT router, you have the following two methods:

10 Quick Tips to Mobile Security

Initial Access and Basic IPv4 Internet Configuration

Accessing the Media General SSL VPN

Recommended Practice Case Study: Cross-Site Scripting. February 2007

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v ONWARDS)

Computer Security: Best Practices for Home Computing. Presented by Student Help Desk Merced Community College

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

Recommended Browser Setting for MySBU Portal

Defense Media Activity Guide To Keeping Your Social Media Accounts Secure

The Reverse Firewall: Defeating DDOS Attacks Emanating from a Local Area Network

Cyber Security: Beginners Guide to Firewalls

Topic 1 Lesson 1: Importance of network security

How to Identify Phishing s

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

USER GUIDE WWPass Security for Windows Logon

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

User Guide for Consumers & Business Clients

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Certified Secure Computer User

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

Phishing Past, Present and Future

M2Web - Browser-Based Mobile Remote Access

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Anti-Phishing Best Practices for ISPs and Mailbox Providers

Where every interaction matters.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Quick Connect. Overview. Client Instructions. LabTech

QUICK INSTALLATION GUIDE ACTIVATE

Fraud Trends. HSBCnet Online Security Controls PUBLIC

Remote Deposit Quick Start Guide

Cyber Security Awareness

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Online Security Information. Tips for staying safe online

Computer Security. Uses Zip disks that hold up to 750 MB of data. Must buy and hook up the drive.

Topics in Network Security

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

How Do People Use Security in the Home

Information Security Threat Trends

Payment Systems Department

Install and End User Reference Guide for Direct Access to Citrix Applications

Remote Access to Niagara Wheatfield s Computer Network

Transcription:

Ethical Phishing Case Study Maven Security Consulting Inc www.mavensecurity.com 1-877-MAVEN-HQ (+1-877-628-3647)

Agenda Phishing Intro slide 2 phishing (v.) pronounced fishing fake web site that impersonates a legitimate site site captures personal data entered by victim (e.g. password) (optional) spoofed email directs user to fake site Full definition: http://www.wordspy.com/words/ phishing.asp

Ethical Phishing Maven Security Case Study Ethical Phishing where you throw the fish back. - Maven Security slide 3 Situation Insurance company 1300 small remote offices for agents remote locations using DSL, dial-up, satellite, ISDN, for Internet agents access Insurance mainframe through HTTPS via Internet Objective Get access to policy holder data on mainframe Defenses Dynamic IP (i.e. moving targets) ISP IP Ranges (not identifiable as Insurance company employees) NAT router/firewall (no way to initiate connection from outside) Results It took 15 minutes to get access to the main frame

Case Study A Closer Look (3-in-1) slide 4 Actually three separate attacks Web bug in HTML email Result: revealed dynamic IP addresses in real time Classic phishing attack Result: User credentials stolen for web portal and main frame access Phishing + IE holes Result: Remote access gained to user s desktop computer behind firewall

Case Study Attack 1: Web Bug slide 5 Send agents an HTML email with web bug <img src= http://www.ma vensecurity.com/web bug.php" width=1 height=1> Web bug pointed to script Script returned 1 pixel GIF image Script emailed the source IP address of the request to me (i.e. agent s router/firewall address) Result: 2 of the 5 routers were compromised one had trivial password on Cisco one was Linksys with firmware vulnerability Created NAT pass-thru for my source IP address Scanned the non -routable internal addresses behind the router/firewall

Case Study Attack 2: Classic Phishing Sent spoofed email Outlook & Outlook Express makes this easy (pseudo email spoof, or spoofing email for dummies) Outlook: Have replies sent to bill@microsoft.com Outlook Expres: Display name: bill@microsoft.com slide 6 Email contained misleading HTML link which pointed to spoofed web site that collected login data

Case Study Misleading HTML Links HTML hypertext links can say one thing but mean another <A href= http://evil.site">http://friendly.site</a> Above HTML gets rendered as: http://friendly.site slide 7 This is a fundamental feature of HTML and will not go away.

Case Study Attack 2: Classic Phishing Email had misleading URL pointing to spoofed site A recent security test by a third-party vendor has caused your Agent Resources Login account to become locked. The link below contains a security token required to reactivate access to your account. Click the link below and login as normal to re-enabled your account. https://biginsurance.dom/server1/agentlogin?token=83jw k8ne5aq28l93kddud98gk49 slide 8 Misleading We're sorry for any inconvenience. hyperlink pointing John Doe to a web site Supervisor, Information Services different from the Big Insurance Company one displayed to 555-KL5-1234 user. Mar 2004 jdoe@biginsurance.dom

The Final Word on HTML Email Impact More spam: web bugs validate your email address Hacker GPS: They will get your IP address from the web bug Worms & exploits: Potential for browser bugs being exploited via email slide 9 HTML + Email = wrong! Two great tastes that taste bad together A combination mother nature never intended Friends don t let friends use HTML email Just say no!

Case Study Attack 3: Phishing + IE Hole slide 10 Spoofed HTML email with misleading URL Spoofed web site initiated software install But software was not digitally signed by a trusted party Browser generates warning

Case Study Chromeless Windows slide 11 Microsoft s Internet Explorer (IE) web browser has a feature called chromeless windows. This allows a borderless window to open in front of other windows. Result Security warning boxes now look safe!

Chromeless Windows You won t know who to trust! Before chromeless windows After chromeless windows slide 12 Notice: We even covered the No and More Info buttons.

Case Study Attack 3: Spoofed HTML Email It has come to our attention that the recent Blaster worm patch we deployed may not have been completely effective on a few agent desktops. Your PC may be one of the system's not fully patched. Please use the link below to begin the new patch installation process. http://biginsurance.dom/server1/agentpatch2/k9s7jujw7eud26cijwu73ms/ slide 13 We're sorry for any inconvenience. John Doe Supervisor, Information Services Big Insurance Company 555-KL5-1234 Misleading hyperlink pointing to a web site different from the one displayed to user. Mar 2004 jdoe@biginsurance.dom

Case Study Attack 3: The Result Software was remote desktop control software VNC http://www.tightvnc.com/ slide 14 Mar 2004 Wrapped in a custom install script which caused VNC to connect outward to us defeating non-routable IPs behind a NAT firewall Result: Instant remote access to user s desktop. We can see everything they are doing in real time.

Phishing Defenses slide 15 Keep your browser up-to-date Microsoft Security Bulletin MS04-004 http://www.microsoft.com/technet/security/bulletin/ MS04-004.mspx IE is now fixed sort of. Chromeless windows still work! Use a non-ie browser Free: Mozilla, Firefox, Camino (Mac) http://mozilla.org Opera http://www.opera.com/ Google for more http://directory.google.com/top/computers/software/i nternet/clients/www/browsers/?tc=1 Disable HTML email FTC Consumer Alert Tips http://www.ftc.gov/bcp/conline/pubs/alerts/phishing alrt.htm When in doubt, type the URL

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information