Week 07: Social Engineering

Illinois Community College Addressing Cybersecurity Breach

Heartland Community College is working with outside consultants to address a security breach in its computer systems. As of now all of the college’s online operations including classes are shut down. The college became aware of the breach on Monday and immediately shut down all of the university online services in efforts to investigate and maintain the security breach. The College is unaware if any student or personal data have been compromised. Reports mentioned the spike of phishing emails since the pandemic. Since the shutdown the college informed students via social media that their instructors would be in touch to reschedule missed classes, tests and assignments. Heartland Community College is working to resume normal online operations as quickly as possible, but it did not provide a timeline. The college has not shared any more information on the nature of the cyberattack.

https://www.wglt.org/post/breach-disrupts-heartland-community-colleges-computer-systems#stream/0

Credential stuffing attack is an form of an attack with uses the stolen username/password from one website and uses those credentials to login to other websites. Attackers uses an specific tools to send the stolen credentials from one website to other websites. This types of attacks are successful to gain access of other’s accounts since there are many people that uses an same credential for multiple websites.

Credential stuffing attack work by attacker first gaining access to the credential from the previous data breach. Then the attacker uses an specific software to inject those and other hundred or thousands of credentials to targeted websites. Once the attacker is able to obtain the access to the users account attacker would be able to get all the personal information of the user that is being saved on that account.

There are many ways to save your accounts from this credential stuffing attack. One of the way to protect the account is by using different password on all of the accounts. Another way to protect the account from this attack is to use the multi-factor authentication.

 

Reference:

Bannister, A. 2020. Credential stuffing attacks: How to protect your accounts from being compromised. Retrieved from: https://portswigger.net/daily-swig/credential-stuffing-attacks-how-to-protect-your-accounts-from-being-compromised

Social engineering is the art of manipulating people so they give up confidential information. There are many social engineering techniques Phishing, Vishing, Watering hole, tailgating, etc. These techniques are attempted by attackers to fool or manipulate humans into giving up access, credentials, banking details, or other sensitive information. There are 3 stages in social engineering research, planning and execution. In the research phase, the attacker performs reconnaissance on the target to gather information. The next stage is planning, where the attacker reviews the information and selects an attack to perform on the target. The last step is the execution phase, the attacker carries out the attack usually by sending messages by email or another online channel. 

 

Identify a target you own or having written permission to target.  I strongly recommend “Metasploitable” as it will be the simplest path.

Identify a vulnerability in your target using nmap, nessus, or any other tool you want to use.

Use Metaspolit to create an exploit and comprise your target.

Create a 3 page slide deck and a 1 – 2 page executive summary describing what you found and what mitigation you would recommend.  Write the assignment as if you where communicating to someone who hired you to test one of their machines.

 

Intro-to-Ethical-Hacking-Week-7

This paper goes over the process of social engineering. Social engineers are essentially actors that try to exfiltrate data or gain entry to a building by deceiving people. There are 4 phases in a social engineering attack, Information gathering, developing relationships, execution, and exploitation. Once the proper intel is gathered on a target, the attacker can assume a myriad of roles to achieve his/her goal. The attacker can pretend to be an important user such as a senior manager or a helpless user that requires assistance to gain access to the organizations systems. The most popular attack seems to be embedding an email with malicious code that can trigger a virus or a remote shell to the victims computer.

 

Questions for the class:

What are some preventative measures used in combating Social Engineering?

A new phishing campaign has been discovered that will install a backdoor on the victim’s computer.  The phishing campaign is utilizing President Trump’s recent contraction of the Corona Virus.  With the presidential election just weeks away, people on both sides of the election have become obsessed with President Trump’s health due to the Corona Virus.

The phishing email which has been spotted by cybersescurity firm ProofPoint, is using a slew of different email subjects which include:

• Recent materials pertaining to the president’s illness
• Newest information about the president’s condition
• Newest info pertaining to President’s illness

The emails claim to have insider information on the president’s health, requiring the user to download a document using an embedded link.  Once the link is clicked, the victim is brought to a Google Doc claiming that Google has scanned the file and is safe, prompting the user to download the document.  Instead of downloading the doc, a BazarLoader executable will be downloaded instead.

A BazarLoader is a backdoor created by the TrickBot gang.  This backdoor allows attackers to remotely access the computer which will be used to compromise the network.  Generally this leads to the installation or the Ryuk ransomware.  Ryuk is a form of ransomware that targets enterprise environments.

 

https://www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/