3 Social Engineering Attacks in Real Life

Provido

Contributing Member
21 Oct 2015



1- Trojan Horse

The classic example comes all the way from ancient Greece, during the mythological Trojan War (possibly, but probably not based on actual historical events). After an exhausting, unsuccessful 10-year siege of Troy, the Greek army appears to give up. They pack their things, set sail, and leave the Trojans an enormous wooden statue of a noble horse -- an impressive gift to say "We lose. You win. Good game."

The Trojans wheel the horse into the gates, congratulate themselves, eat, drink, and be merry themselves into a sound sleep. Little did they know that hidden inside the horse was a small force of Greek soldiers. The soldiers crept out of their equine hideaway during the night, opened the city gates, and let in the rest of the Greek army, which had quietly returned under dark of night while the Trojans were carousing. The Greeks entirely destroyed the city of Troy, and the Trojans who survived had to live with the knowledge that, after their security measures held strong for 10 years, they'd allowed their own undoing by foolishly inviting their destroyers to come right in.

Mythical or not, if the Trojan Horse weren't such a genius example of a social engineering attack, we'd never have named an entire class of malware after it.





2- RSA SecurID Breach


Security experts are still guessing at the true impact of the mysterious breach of security company RSA in 2011. What is known is that RSA's parent company, EMC, spent $66 million recovering from the attack, and that information relating to RSA's popular SecurID two-factor authentication mechanism was compromised.

What remains a mystery is exactly what that information was. RSA said the breach could reduce the effectiveness of SecurID, but did not say whether or not the SecurID source code or cryptographic seed values were exposed.

Another thing that is known about the attack is that it began with social engineering. As RSA explained in a blog post:

"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high-profile or high-value targets. The email subject line read '2011 Recruitment Plan.'

"The email was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached excel file. It was a spreadsheet titled '2011 Recruitment plan.xls.'

"The spreadsheet contained a zero-day exploit that installs a backdoor through an Adobe Flash vulnerability (CVE-2011-0609)."

Ferrara lists this in his top five, because it was one of the first high-profile attacks against a security company, and it not only impacted the security of its initial target, but thousands of other organizations as well.





3- Hidden Lynx Watering Hole on Bit9


Here's another in the category of attacks on security companies. In 2013, the "Hidden Lynx" cyberespionage group in China used water-holing attacks to compromise security firm Bit9's digital code-signing certificates, which later were used to target some Bit9 customers.

Watering holes are more subtle than phishing attacks. Malware is injected into a legitimate website that organizations in the target industry are already likely to visit. And Hidden Lynx are the kings of the watering hole attack, behind not only this event, but the VOHO attacks and Operation Aurora.

They accessed Bit9's file-signing infrastructure, so that they could sign malware and make it seem legitimate. They then used it to attack Bit9 itself, at least three of its customers, and three defense industrial base organizations that were customers of Symantec.



Excerpted
 