Post on 07-Jul-2020
Tel +41 55 214 41 60 | Fax +41 55 214 41 61 | team@csnc.ch | www.csnc.ch
Compass Security AG, Werkstrasse 20, Postfach 2038, CH-8645 Jona
Social Engineering / SmartPhone and DriveBy
Beer-Talk Compass Security AG, October 25, 2012
Walter Sprenger
© Compass Security AG | Slide 2 | www.csnc.ch
Agenda
Introduction to Social Engineering
- Attack/spoofing vectors
- Phishing Sites / Trojan Horses
Live Demos
Compass Experience
- Numbers and Facts
- Social Engineering Pitfalls
- Countermeasures
Social Engineering Test Benefits
What is Social Engineering?
Attack Vectors / Spoofing Methods
Attack vectors
Spoofing Methods
Why do you trust a message?
- I know the sender (phone number, mail address)
- I know the structure of the message
- I expect the message
Why do you trust a web site?
- I know the domain of the website
- I only provide data on secured web sites
Targeted Attacks
Why make a lot of noise if one victim provides the information I want?
- Run the attack against only a few individuals
- Take more time on one individual, better preparation of the attack
Targeted Attacks
- Do not raise suspicion
- No antivirus patterns for the malware used
- Hard to detect in log files / with intrusion prevention systems
- Longer infection possible: restart the malware every time the user logs in (long-term compromise)
Phishing Sites
Simple Phishing Website
Simple Phishing Website explained
Example of complex Phishing Site
[Flowchart, phases "Phishing Website" and "Malware": user receives email with link → click → phishing site opened → login → credentials entered → view → video page shown → download malicious video codec → install → remote shell started → attacker takes control. The user's actions are yes/no branches; once the remote shell has started, the victim can't decide any more.]
Analysis of complex Phishing Sites
[Bar chart, axis 0 to 500. Bars: Installed Video Codec, Downloaded Video Codec, Clicked on Video Page, Entered Credentials, Clicked on Link in Email, Sum sent Phishing Mails]
Analysis of complex Phishing Sites (2)
[Bar chart, axis 0 to 160, series "Before Detection" and "After Detection". Bars: Installed Video Codec, Downloaded Video Codec, Clicked on Video Page, Entered Credentials, Clicked on Link in Email]
Trojan Horses
Covert Channel
[Diagram: Trojan horse in the company network, delivered via USB stick and started by the user; covert channel between company network and Internet; the attacker "observes" the victim computer]
Trojan Horse explained
NetCat Remote Shell
Live Demos
Live Demo – Computer Phishing
A1) Webmail Phishing
- Attack Vector:
  - eMail with URL
- Goal:
  - Get Webmail/Windows credentials
A2) Facebook Phishing (Invitation)
- Attack Vector:
  - eMail with Facebook invitation
- Goal:
  - Get Facebook credentials / Impersonation
Live Demo – SmartPhone Information
B1) SMS from your Bank
- Attack Vector:
  - SMS with call back number
- Goal:
  - Get personal information
B2) GPS location
- Attack Vector:
  - SMS with URL to location web site
- Goal:
  - Get coordinates of victim
Live Demo – SmartPhone Phishing
B3) iCloud Phishing
- Attack Vector:
  - SMS with URL to phishing web site
- Goal:
  - Get iCloud credentials
  - Steal data stored in iCloud (contacts, files, backup, etc.)
B4) Android NFC Business Card
- Attack Vector:
  - Business card with modified NFC, points to phishing web site
- Goal:
  - Get Google credentials
  - Steal data stored on Google (mails, contacts, files, etc.)
  - Install trojan app on mobile phone
Live Demo – Trojan User Interaction
C1) EXE in Word Document
- Attack Vector:
  - Mail with Word document
- Goal:
  - Remote control the workstation of the user
C2) Download EXE
- Attack Vector:
  - Facebook chat message with download URL
- Goal:
  - Remote control the workstation of the user
C3) USB Trojan
- Attack Vector:
  - USB stick with interesting file (EXE)
- Goal:
  - Remote control the workstation of the user
Live Demo – Trojan DriveBy
D1) Drive-By Java 0-Day
- Attack Vector:
  - Web site with URL
- Goal:
  - Remote control the workstation of the user
Numbers and Facts
Phishing Website
[Pie chart: 16% / 84%; legend: Credentials Phished / No result]
USB-Stick with Trojan Horse
[Pie chart: 28% / 72%; legend: Inserted / No response]
E-Mail with Trojan Horse
[Pie chart: 7% / 93%; legend: Clicked / Not clicked]
Installing Access Point
[Pie chart: 100% / 0%; legend: Successfully installed / Access Denied]
Phone – Give me your password
Social Engineering Pitfalls
- Technical Pitfalls
  - Firewalls (also Personal Firewall)
  - SPAM filter
  - URLs blocked
  - Virus/Process Scanner
  - IDS
  - Wireless Strength
- Organizational Pitfalls
  - System Administrator
  - Employees
  - Access Control
  - Legal
  - Putting somebody to shame
Countermeasures
But, you can protect your Company
- Technical Countermeasures
  - Virus Scanner
  - Disable Autorun / USB / CD-ROM
  - Disable dangerous attachments in emails
  - Firewalls / Content Filter / SSL-Split-Proxy
  - IDS
  - Protocol Sanitation (HTTP / DNS)
  - Limit user permissions
  - Secure WLAN
- Organizational Countermeasures
  - Access Control
  - Security Zones
  - Educate Employees (User Awareness)
  - Security Policies
  - Awareness Demo
  - Social Engineering Test
Social Engineering Test Benefits
I know Social Engineering always works.
So why should I conduct a Social Engineering Test in my company?
Technical Infrastructure – Sufficient?
Incident Handling – Adequate?
Security Awareness Courses – Learning Success?
Security Processes – No Weak Points?
Access Control – Impenetrable?
Thank you very much for your attention!
Thank you!
Contact
Compass Security Network Computing
Werkstrasse 20
Postfach 2038
CH - 8645 Jona
team@csnc.ch | www.csnc.ch | +41 55 214 41 60
Secure File Exchange: www.csnc.ch/filebox
PGP-Fingerprint: