REST ASSURED

A look into a hackers mindDIRF, September 2018

www.csis.dk

Agenda 1.00 Trends2.00 Live hacking3.00 Case studies4.00 Recommendations

A look into a hackers mind

1.00Trends

A look into a hackers mind

4

Identity theftCould this happen to you?

5

Smaller, more targeted phishingThe phishing kits are more advanced than ever and the IT criminals are fast and effect full

6

CEO and VENDOR fraudOne of the largest financial threat against companies

7

Smaller, more targeted phishingPhishing works on all platforms

8

Smaller, more targeted spear phishing e-mailsDistributing malware such as Trickbot

9

Ransomware expanding and evolvingDifferent types of strategies and motivation…

10

Threat actors becoming more patient, more professionalMalware: Carbanak

11

More resources required by both organisations and vendorsRussian interference in the US presidential election witness this

Source: CSIS

12

Data breaches constantly increasingHave you remembered to change your password recently?

13

Mobile malware quieter than expectedMost mobile malware is only advanced phishing attacks (overlay attacks)

14

DarknetEasy to find easy to use

15© CSIS Security Group A/S, 2018

Increasing DDoS activityThe largest DDoS attack ever seen with Mirai botnet: 1 TB+ traffic

2.00Live hacking

A look into a hackers mind

17

Find your targetEx: Company + job description + linkedin

18

Find e-mail addressE-mails typical follows a syntax

19

Find e-mail addressE-mails typical follows a syntax

20

Find e-mail addressUse darknet to check syntax (and compromised passwords)

21

Find e-mail addressUse darknet to check syntax (and compromised passwords)

22

Find e-mail addressOr use WWW…

23

Find software you can exploitMeta data in documents (Maltego)

24

Find software you can exploitMeta data in documents (Maltego)

25

Adobe PDF Library timelineInconsistency patch management

26

Make your spear phishing e-mailIs it possible to spoof the e-mail FROM field?

27

Make your spear phishing e-mailNow we are ready to make the e-mail

From: pve@dk-plesner.comTo: Firstname.lastname@plesner.com

Pia Valentin ErichsenPlesner A/S

28

Make your spear phishing e-mailExcel Macro Attack

LIVE DEMO

29

Avoid Antivirus detectionGoogle: “antivirus + company name + linkedin”

30

Avoid Antivirus detectionEncrypt you malware and avoid AV detection

3.00Case study: Maersk

A look into a hackers mind

32

Maersk caseNotPetya

Step 1: Software update (outside)- Patient-0 difficult to protect against

Step 2: Auto-spreading (inside network)- Exploit- Credential harvesting

33

Maersk caseSetup

Security systems

Internet

Evil hacker

Patient 0

TARGET 2+

Malicious Medoc software update (auto)

Using Microsoft OS exploit and

Credential harvesting

3.00Case study: Circumvent two-factor authentication

A look into a hackers mind

08080808

*******

08080808

*******

1234

Circumvent two-factor authenticationCitadel, ZeuS, Ramnit, Trickbot, etc.

4.00Recommendations

A look into a hackers mind

37© CSIS Security Group A/S, 2015

38

What can I do / Learn more?Antivirus is not enough!

Company:

Be aware and prepared: “Not if, but when

you get a security incident!”

Have a documented and tested ”Incident

response procedure”, that is applied for

every IOC/IOA

Keep an alliance with security speicalists

Keep your software up-to-date (Java JRE,

Acrobat Reader, Adobe Flash, etc.)

Use your employees as IDS sensors

Privately:

Use individual and strong passwords (use a

password manager such as Lastpass)

Learn about cyber security threats and how

to protect against it:

https://heimdalsecurity.com/

Use an updated Anti Virus program

Use a program to automatically keep your

software up-to-date (Java JRE, Acrobat

Reader, Adobe Flash, etc.), (use a free tool

such as Heimdal Security Agent)

Thank you!

jsf@csis.dk

www.csis.dk

REST ASSURED