Security Response

Wetware Hacks

Created: 22 Nov 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:44:27 GMT
Marc Fossi

Your hardware is well secured. You’ve got a good perimeter firewall in place that only allows communication on authorized ports, an IDS to scan for suspicious activity, WPA2 encryption set on wireless devices, and so on. Your software is secure as well: patches up to date, good password policy enforcement, etc.

So where is the weak point in your network? I think there’s a common expression used to describe it: the problem exists between keyboard and chair.

Lately, more attacks have relied upon social engineering to infect users rather than automated exploitation of vulnerabilities in network services. Social engineering is nothing new, but the sophistication of some of these attacks has been increasing. Three prime examples of this come to mind.

Earlier this year, there was a large-scale attack using the MPack kit in which a large number of legitimate Web sites were compromised to redirect visitors to a malicious server. Links to the compromised Web sites were spammed out to users to entice them into visiting. Since some of these Web sites may have been trusted by the users (they might have visited them in the past or purchased services from them), they might not have thought twice about following the links, and were then compromised by MPack.

A couple of weeks ago the MySpace page for singer Alicia Keys was compromised and modified. The attackers changed it so that clicking almost anywhere on the page would direct the user to a Web site that attempted to sell them fake antivirus software. As with MPack, a Web site the user may have trusted was used to redirect them to malicious content. In this case the Web site recorded credit card information if the user chose to “purchase” the program.

And, in the first week of November, a Trojan program for Apple’s OS X operating system was reported. Users who followed links to a Web site promising adult content were prompted to install a video codec in order to see what they came for. During installation, users were prompted for an administrator password to continue. Since most video codecs (and a large number of applications in general) require administrative privileges to install, this probably didn’t seem too unusual. Rather than installing a video codec, though, users were granting a Trojan administrative privileges on their computers.

In all three of these examples, users were tricked by exploiting their trust or by being presented with something they’re used to seeing. Secure policies along with good endpoint and network security will protect users from most threats, but adding a good dose of knowledge and education is vital. If something seems suspicious, there is probably a good reason for it. While complete paranoia isn’t the answer, neither is blind trust.