Ethical Hacking

Wade Mackey

MIS 5211.702 ■ Fall 2020 ■ Wade Mackey
Spear-phishing Attack on Companies Involved in Covid-19 Vaccine Distribution

December 7, 2020 By Vraj Patel

Hackers are targeting companies that are involved in distributing Covid-19 vaccines. According to new research, the attackers have been performing spear-phishing attacks on the organizations that are distributing Covid-19 vaccines since September 2020. IBM Security X-Force researchers said that the attacks are being aimed at the vaccine cold chain. The companies are responsible for storing and delivering vaccines at safe temperatures.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert informing organizations that are involved in storing and delivering Covid-19 vaccines to review the indicators of compromise and increase their defenses. It is unclear whether any of the phishing attacks were successful. IBM has said that the attackers are trying to steal credentials from the companies to gain access to their networks and get unauthorized access to sensitive information regarding the Covid-19 vaccines.

References:

Lakshmanan, R. 2020. Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution. Retrieved from: https://thehackernews.com/2020/12/hackers-targeting-companies-involved-in.html

New Week 14 Presentation

December 7, 2020 By Wade Mackey

Intro-to-Ethical-Hacking-Week-14 new

Week 14: In the News

December 6, 2020 By Kyuande Johnson

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing. The misconfigured Amazon Web Services S3 bucket revealed records that include sensitive data and credit-card details. Prestige Software’s “Cloud Hospitality” is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks. “The S3 bucket contained over 180,000 records from August 2020 alone. Many of them related to hotel reservations being made on numerous websites, despite global hotel bookings being at an all-time low for this period.”

Week 8 Reading – Malware

October 19, 2020 by Anthony Messina

The readings this week gave us a working definition of what malware is.  According to the Wikipedia article, malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.

Question for the class

What is some popular malware that you recall being in the news in recent years?

Filed Under: Week 08: Malware

Week 7 Reading: Social Engineering

October 18, 2020 by Kyuande Johnson

Social engineering is the art of manipulating people so they give up confidential information. There are many social engineering techniques: phishing, vishing, watering hole, tailgating, etc. These techniques are attempted by attackers to fool or manipulate humans into giving up access, credentials, banking details, or other sensitive information. There are 3 stages in social engineering: research, planning and execution. In the research phase, the attacker performs reconnaissance on the target to gather information. The next stage is planning, where the attacker reviews the information and selects an attack to perform on the target. The last step is the execution phase, in which the attacker carries out the attack, usually by sending messages by email or another online channel.

Filed Under: Week 07: Social Engineering

Guidance for 2nd Assignment

October 12, 2020 by Wade Mackey

Identify a target you own or have written permission to target. I strongly recommend “Metasploitable” as it will be the simplest path.

Identify a vulnerability in your target using nmap, nessus, or any other tool you want to use.

Use Metasploit to create an exploit and compromise your target.

Create a 3-page slide deck and a 1 – 2 page executive summary describing what you found and what mitigation you would recommend. Write the assignment as if you were communicating to someone who hired you to test one of their machines.

Filed Under: Week 07: Social Engineering

Week 7 Presentation

October 12, 2020 by Wade Mackey

Intro-to-Ethical-Hacking-Week-7

Filed Under: Week 07: Social Engineering

Wk #7: Reading Discussion

October 12, 2020 by Mei X Wang

Social Engineering:

  • Human behavior of social engineering (attack vs. attacker): financial gain, self-interest, revenge, external pressures
    • Reverse social engineering: the victim is enticed to ask the aggressor for help (through tricking them); the aggressor offers help just to make sure the victim remains unsuspicious while the attacker probes more
  • Counter-measures: creating controls (training/policies/security/management/…)
    • Perform regular reviews that the controls are working as created.
    • Simulate an attack (hire pen testing specialists)

Question for the class:

  1. Have you ever been a victim of social engineering?
  2. What’s one physical control that can be used to mitigate chances of a social engineering attack?

Filed Under: Uncategorized

In the News: Attackers Chaining Zerologon with VPN Exploits

October 12, 2020 by Mei X Wang

A newly discovered APT attack has been combining VPN exploits with the Zerologon bug. It has been considered a serious threat because the vulnerabilities are exploited to gain access to networks. The aftermath of the attacks is still being observed, but the bug is first gaining initial access to Active Directory. Then, using the stolen legitimate credentials, they’re able to connect to virtual environments through RDP and VPN. There are talks that this might have some influence over the upcoming election; many government/non-government agencies are being attacked. Tracked activity of the bug has shown that they target multiple sectors, not just SLTT entities. CISA and the FBI are finding mitigation techniques and pushing out best practices to decrease the risk of an attack.

https://www.infosecurity-magazine.com/news/attackers-chaining-zerologon-with/

Filed Under: Uncategorized

News article – Tyler Technologies pays ransom to obtain decryption keys!

October 12, 2020 by Akshay Shendarkar

Tyler Technologies, Inc. is the largest provider of software to the United States public sector.
On September 23rd, Tyler Technologies announced they had suffered a ransomware attack, and its customers reported finding suspicious logins and previously unseen remote access tools on their networks.
It was reported that hackers breached the internal network of the company and deployed the malware.
Security researchers have speculated that Tyler Technologies was exposed to ‘The RansomEXX’, which is a human-operated ransomware; this means that attackers manually infected the systems after gaining access to the target network.
According to BleepingComputer, which cited a source informed on the event, Tyler Technologies paid a ransom of an unspecified amount to receive the decryption key and recover encrypted files.
It is speculated that the senior management of Tyler Technologies reluctantly paid the unspecified ransom, as many school districts, court systems, and local and state governments in the United States use Tyler Technologies software.

References: https://securityaffairs.co/wordpress/109334/cyber-crime/tyler-technologies-paid-ransom.html

Filed Under: Uncategorized

Week 7 Readings: Social Engineering

October 12, 2020 by Anthony Messina 1 Comment

This paper goes over the process of social engineering. Social engineers are essentially actors that try to exfiltrate data or gain entry to a building by deceiving people. There are 4 phases in a social engineering attack: information gathering, developing relationships, execution, and exploitation. Once the proper intel is gathered on a target, the attacker can assume a myriad of roles to achieve his/her goal. The attacker can pretend to be an important user such as a senior manager or a helpless user that requires assistance to gain access to the organization’s systems. The most popular attack seems to be embedding an email with malicious code that can trigger a virus or a remote shell to the victim’s computer.

Questions for the class:

What are some preventative measures used in combating Social Engineering?

Filed Under: Week 07: Social Engineering

Week 7 – In the News: Phishing emails lure victims with inside info on Trump’s health

October 11, 2020 by Anthony Messina

A new phishing campaign has been discovered that will install a backdoor on the victim’s computer. The phishing campaign is utilizing President Trump’s recent contraction of the coronavirus. With the presidential election just weeks away, people on both sides of the election have become obsessed with President Trump’s health due to the coronavirus.

The phishing email, which has been spotted by cybersecurity firm ProofPoint, is using a slew of different email subjects which include:

  • Recent materials pertaining to the president’s illness
  • Newest information about the president’s condition
  • Newest info pertaining to President’s illness

The emails claim to have insider information on the president’s health, requiring the user to download a document using an embedded link. Once the link is clicked, the victim is brought to a Google Doc claiming that Google has scanned the file and it is safe, prompting the user to download the document. Instead of downloading the doc, a BazarLoader executable will be downloaded.

BazarLoader is a backdoor created by the TrickBot gang. This backdoor allows attackers to remotely access the computer, which will be used to compromise the network. Generally this leads to the installation of the Ryuk ransomware. Ryuk is a form of ransomware that targets enterprise environments.

https://www.bleepingcomputer.com/news/security/phishing-emails-lure-victims-with-inside-info-on-trumps-health/

Filed Under: Week 07: Social Engineering

Week 6: In the news

October 11, 2020 by Kyuande Johnson

Illinois Community College Addressing Cybersecurity Breach

Heartland Community College is working with outside consultants to address a security breach in its computer systems. As of now, all of the college’s online operations, including classes, are shut down. The college became aware of the breach on Monday and immediately shut down all of the university’s online services in an effort to investigate and maintain the security breach. The college is unaware if any student or personal data has been compromised. Reports mentioned the spike of phishing emails since the pandemic. Since the shutdown, the college informed students via social media that their instructors would be in touch to reschedule missed classes, tests and assignments. Heartland Community College is working to resume normal online operations as quickly as possible, but it did not provide a timeline. The college has not shared any more information on the nature of the cyberattack.

https://www.wglt.org/post/breach-disrupts-heartland-community-colleges-computer-systems#stream/0

Filed Under: Week 06: More Metasploit
