On Monday we looked at some of the primary attack vectors used by cyber-criminals. Here are the rest of the attack vectors that Kevin Thompson from FireEye shared at the Cyber Security Summit. Many of these are significant twists on old exploits, or more sophisticated exploits.
- Attacks using legitimate services.
  - Social networks – make friends or connections, gather information.
  - Cloud storage services to host malware downloads. The link looks legitimate; it's from Google Docs or Dropbox.
  - Comment boards and chat services – post a link to the funny cat video; clickers get a video and malware too!
  - Enterprise management tools – post a problem and solution with a malicious link.
  - Microsoft TechNet forums – ditto.
- PII services on the Dark Web – there now exist searchable databases of personally identifying information (PII) to aid attackers in identifying targets and potential victims. This is my personal favorite. Wondering why the bad guys want to steal all this information? Now you know.
- Using hijacked email accounts to request wire transfers (Business Email Compromise).
- Stealing company information to make stock transactions based on insider information. Press releases, public relations firms, and law firms are often targeted for this information.
- Ransomware attacks used to hide credential theft or data exfiltration activities. First you copy and steal what you want, then you encrypt it all to keep them distracted and prevent them from discovering the loss of data.
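Two of the vectors above, malware hosted behind legitimate cloud-storage links and wire-transfer requests sent from hijacked or look-alike accounts, can be given a first-pass triage rule on the mail gateway. The script below is an added example written for this post, not anything from the presentation or from FireEye; the company domain, the executive roster, the cloud-storage host list, the wire-transfer keywords and the sample messages are all constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed assumptions: our own mail domain and the names attackers
# most often impersonate in a wire-transfer request.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe", "John Roe"}
# Cloud-storage hosts from the post; a link to them is legitimate on its own,
# so a hit is only a low-severity signal for closer inspection.
CLOUD_STORAGE_HOSTS = {"docs.google.com", "drive.google.com",
                       "dropbox.com", "www.dropbox.com"}
WIRE_KEYWORDS = ("wire transfer", "wire the funds", "urgent payment", "bank details")


@dataclass
class Email:
    display_name: str   # the name shown to the reader
    from_addr: str      # envelope/From address
    reply_to: str       # Reply-To header, empty if absent
    subject: str
    body: str
    links: list         # URLs extracted from the body


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address."""
    return addr.rsplit("@", 1)[-1].lower()


def triage(msg: Email) -> list:
    """Return a list of 'severity: reason' findings for one message."""
    findings = []
    sender_domain = domain_of(msg.from_addr)

    # (a) External sender pointing at a cloud-storage download.
    for url in msg.links:
        host = (urlparse(url).hostname or "").lower()
        if host in CLOUD_STORAGE_HOSTS and sender_domain != COMPANY_DOMAIN:
            findings.append(f"low: external sender links to cloud storage ({host})")

    # (b) Business Email Compromise pattern: a wire request where the
    #     executive's name is used from outside our domain, or where replies
    #     are silently redirected to another domain.
    text = f"{msg.subject} {msg.body}".lower()
    if any(k in text for k in WIRE_KEYWORDS):
        if msg.display_name in EXECUTIVES and sender_domain != COMPANY_DOMAIN:
            findings.append("high: wire request uses an executive's name from an "
                            f"external domain ({sender_domain}); possible BEC")
        if msg.reply_to and domain_of(msg.reply_to) != sender_domain:
            findings.append("high: wire request with Reply-To on a different domain "
                            f"({domain_of(msg.reply_to)}); possible BEC")
    return findings


# Constructed sample messages.
SAMPLE_BEC = Email("Jane Doe", "jane.doe@examp1e-corp.invalid",
                   "jane.doe@examp1e-corp.invalid",
                   "Urgent payment", "Please wire the funds today.", [])
SAMPLE_BENIGN = Email("Bob Smith", "bob@example.com", "",
                      "Q3 report", "Draft is in the shared doc.",
                      ["https://docs.google.com/document/d/constructed-id"])
SAMPLE_LINK = Email("Vendor News", "news@vendor.invalid", "",
                    "New brochure", "Download it here.",
                    ["https://www.dropbox.com/s/constructed-id/brochure.pdf"])

if __name__ == "__main__":
    for sample in (SAMPLE_BEC, SAMPLE_BENIGN, SAMPLE_LINK):
        print(sample.subject, "->", triage(sample) or ["clean"])
```

The rule is deliberately conservative: a cloud-storage link alone is never more than a low-severity note, and the wire-transfer checks only fire on a header mismatch (name from outside the company, or a Reply-To that leaves the sending domain), which is the part an impersonator cannot avoid without owning the real mailbox.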
What I learned from this presentation was that our cyber-adversaries are smart, organized, and highly skilled. They have developed a distributed economy of cyber-crime providers on the Dark Web. Many individuals or groups have focused and specialized on one or two services that they provide to other criminal crews that are performing the actual exploit or heist. In many ways they mirror the way business is conducted on the visible web. This level of sophistication and organization is likely to make it more difficult to prevent exploits from happening. We need to rely on early detection and organized incident response and remediation strategies to defeat them.