Ding! Your RAT has been delivered

padlock-security-

Cisco Talos wrote a awesome post following a attack campaign that leveraged malware using RAT capabilities. They cover research on how the malware is delivered using phishing via SPAM, what happens when the malware is executed and what they found as they monitored the malware installed in their lab / sandbox systems. I have wrote about another remote access tool (RAT) in the past here here and love how Talos included details on the tool DarkKomet used for this particular campaign. The original post can be found  HERE. Its a little longer than the usual posts on here but worth the read.

Talos is constantly observing malicious spam campaigns delivering various different types of payloads. Common payloads include things like Dridex, Upatre, and various versions of Ransomware. One less common payload that Talos analyzes periodically are Remote Access Trojans or RATs. A recently observed spam campaign was using freeware remote access trojan DarkKomet (a.k.a DarkComet). This isn’t a novel approach since threat actors have been leveraging tools like DarkKomet or Hawkeye keylogger for quite sometime. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Talos on Phishing: Hook, Line and Sinker: Catching Unsuspecting Users Off Guard

phishing-attack

Cisco’s research team Talos wrote a interesting article on their research on Phishing. The original post can be found HERE. For those that don’t know what Phishing is, its the cyber attack where a malicious party pretends to be a legitimate source with the goal to trick a victim into clicking a email, accessing a website, or just giving up sensitive data. Here is the Talos article.  Continue reading

VN:F [1.9.22_1171]
Rating: 3.0/5 (1 vote cast)

Tax Time: Let the Phishing Begin

phishingcartoonEarl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (3 votes cast)

Don’t Trust All Phone Calls: Phone Scams 2.0

phone-scammer

There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.

Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack. Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (3 votes cast)

Cool Penetration Testing Application: Cobalt Strike

CBStrike

If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to  test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Dont Just Click Any Link – Avoiding Phishing, Social Engineering And Other Attacks

shark

I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.

I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

How To Educate Your Employees About Social Engineering

fingercrossedA common saying is ” Amateurs Hack Systems, Professionals Hack People”.  Social engineering is the art of manipulating people into performing actions or divulging confidential information. People fall for social engineering tricks based on their instinct to be helpful and trusting. The typical attacker never comes face-to-face with a victim using deception through email, social networks or over the phone. Continue reading

VN:F [1.9.22_1171]
Rating: 4.8/5 (4 votes cast)