Attackers are constantly looking for new methods and entry points to improve their chances of stealing from users. As with any other business model, a failure to keep improving tends to hurt the business.
One area attackers focus on is the user's credentials. With these in hand, an attacker can access everything the user has access to, without difficulty. Users will not freely hand their credentials to an unknown third party, so attackers work to trick them into providing them, through phishing, spear phishing, or other types of attacks.
One frequent target is email account credentials, which provide a gateway into the organization. Once a person's email credentials are acquired, the attacker has access to the user's mailbox, including current and saved emails and, more importantly, the list of contacts within the organization. Consider the possibilities for a phishing campaign when the compromised user belongs to a global organization: after compromising one user, the attacker can send phishing emails across the planet, both in the initial wave and as those emails are forwarded.
Email credentials may be obtained by a third party through a few different attacks. Two of the most successful are phishing and spear phishing, which take the form of a generic or targeted email depending on the attack. Somewhere in the email is a link for the user to click and enter their credentials. The email may appear to come from the CFO, the accounting department, or another sender, with a message that fits that role.
This type of attack tends to be rather destructive and may require a global password reset, depending on how far the attack penetrated. One clear method to halt it is to implement two-factor authentication (2FA). In operation, the user begins by logging into their email or another application; at that point an app sends, or a text message delivers, a set of numbers, letters, or a combination that must be entered into the system. This serves as a second authentication factor, because the person has their phone, or whatever other method is used to authenticate them, and the attacker on another continent does not.
Once this is in place, compromising applications and systems becomes much more difficult.
This makes 2FA a valuable tool for the organization.
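As an added illustration of the one-time-code mechanism described in the 2FA paragraph above (not code from the original post), the following Python implements RFC 4226 HOTP and RFC 6238 TOTP, the algorithms behind most authenticator apps, plus a server-side check that tolerates one 30-second step of clock drift and refuses a code whose time step has already been consumed. The secret and timestamps are constructed test values taken from the RFC test vectors.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 4226 / RFC 6238.
SAMPLE_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to a decimal code of `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects the window
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                last_used_counter: int, window: int = 1):
    """Server-side check. Returns (accepted, new_last_used_counter).

    Accepts the code for the current step or +/- `window` adjacent steps (clock
    drift), compares in constant time, and never accepts a step at or below the
    last consumed one, so a phished or intercepted code cannot be replayed."""
    current = unix_time // STEP_SECONDS
    for delta in range(-window, window + 1):
        candidate = current + delta
        if candidate <= last_used_counter:
            continue  # this step was already used (or is older than one used)
        if hmac.compare_digest(hotp(secret, candidate), submitted):
            return True, candidate
    return False, last_used_counter


if __name__ == "__main__":
    # RFC 6238 vector: T=59 -> counter 1 -> 6-digit code 287082
    print(totp(SAMPLE_SECRET, 59))
```

The `last_used_counter` value is per-user state the server persists after each successful login; starting at -1 means no code has been consumed yet.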