Phishing Dark Waters. Fincher Michele
Чтение книги онлайн.
Читать онлайн книгу Phishing Dark Waters - Fincher Michele страница 5
Another notable breach that you may not even remember involved RSA. At this point, any mention of RSA probably relates to the encryption controversy it experienced in connection to the National Security Agency starting in late 2013. That story was so big that it practically overshadows the corporate breach the company experienced in 2011.12 Unlike the opportunistic Target attack, this one appears to have been a very deliberate action taken against RSA employees. It was apparently the result of a malicious Excel spreadsheet attachment to an e-mail sent to low-level RSA users (see Figure 1.4).
Figure 1.4 RSA phish
RSA's spam filters reportedly caught the e-mails, sending them to users' Junk folders. The interesting point here is that humans overrode technical controls that worked the way they should have. At least one recipient opened the e-mail and clicked the attachment. This gave attackers entry into the internal network and enabled them to eventually steal information related to some of RSA's products. It was reported that in the quarter that followed the breach, parent company EMC spent $66M on cleanup costs, such as transaction monitoring and encryption token replacements.
One more product-based company breach worth noting involved Coca-Cola in 2009.13 This case originated as a very targeted spear phish directed at Coca-Cola executives with the subject line “Save power is save money! (from CEO).” The e-mail subject line is pretty bad, to be sure, but consider a couple of things: First, the e-mail appeared to come from an exec in the legal department at Coca-Cola. Second, at the time of the attack the company was promoting an energy-saving campaign. (The attackers really had done their homework.) The exec opened the e-mail and clicked the link, which was supposed to lead to more information about the energy program. Instead, he ended up loading a bunch of malware, including a key logger that tracked everything he typed in the weeks to come. This breach allowed the Chinese attackers to gain access to the internal corporate network and mine data for weeks before being discovered.
This breach occurred in February 2009, and Coca-Cola wasn't aware of it until the FBI informed the company in March. By then a great deal of sensitive data had been stolen. This was days before Coca-Cola's $2.4B attempt to purchase a Chinese soft drink manufacturer, which ultimately failed. It would have been the largest acquisition of a Chinese company by a foreign entity to date. There are conflicting reports as to why the acquisition failed, but at least one security organization claims it was due to critical information regarding strategy and pricing being leaked to the opposite side, which deprived Coca-Cola of the ability to negotiate the deal.
As mentioned earlier, the hack of the AP was impressive based solely on the sheer impact that one tweet had on the stock market.14 The way the attackers got in, however, was a simple spear phish that was sent to select AP staffers from what appeared to be a colleague (see Figure 1.5).
Figure 1.5 Associated Press spear phish
Although this e-mail is pretty vague, consider that it came from a “known” source and appeared to point to a legitimate page on The Washington Post site. Victims who clicked the link in the message were sent to a spoofed website that collected their login credentials. There's speculation that the spoofed site allowed victims to authenticate with their Twitter credentials, which led to the feed compromise.
Corporations are clearly as vulnerable to phishing as regular people are despite all of their technical controls and security policies. So what about phish that hit a little closer to home? The following section describes common examples that you may have seen.
We would be doing the topic of phishing a disservice if we didn't start with the Nigerian 419 scam. Also known as the advance-fee fraud, this con is apparently more than 200 years old in practice (as you can imagine, it took a lot longer to get scammed over snail mail, but it still happened). It gets its most modern name because of Nigeria's notoriety as supposedly being a large source of these scams. The number 419 refers to the Nigerian criminal code that addresses fraud.
You have probably seen a number of variations of this scam. For example, a rich prince has been deposed and needs your help in transferring his vast wealth, or a dying man is trying to make up for being generally unpleasant and needs your help in disbursing funds to charity organizations. Whatever the cover story, a few components are consistent:
• The amount of money in question is vast.
• They are trusting you, a complete stranger, to transfer, disburse, or hold the money.
• You get a cut for your trouble, but you need to do one of the following:
• Provide your bank account information so they can transfer the money
• Assist them by paying transfer fees, mostly due to some sort of precarious political or personal situation
Конец ознакомительного фрагмента.
Текст предоставлен ООО «ЛитРес».
Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.
Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.