We all know how persistent and clever cyber criminals are. It is everywhere in the news and on the Internet. At the moment cybercrime is the perfect storm. The criminals go out of their way to make the experience of doing business on the Internet difficult, to say the least.
The cyber criminals, the good ones, are always looking for ways to part businesses from their money, intellectual property or reputation. In this process there is a huge number of things that need to be protected against.
Two of the cleverer ways have come across my desk in the last couple of days.
Scenario one: USB at the front desk:
I heard about this happening to a small business, a solicitor in Sydney, a couple of weeks ago from a friend of mine. A young person walks into the reception to be interviewed for a position with the business. He is looking surprisingly dishevelled, and he is soaked to boot. He has his resume in a flip file and this is also soaked, to the point where the pages are sticking together and the ink is running.
He asks the receptionist if she could reprint a copy of his resume from the USB stick that he has on his key ring. He takes the USB stick off his key ring and hands it to her; she plugs it into the receptionist's computer, scans it with an antivirus and prints off a copy of the resume.
In the meantime, the USB stick is installing a remote access Trojan (RAT) on the computer, setting up its command and control channel and going dormant.
This is social engineering at its best. This scenario preys on the trust of the receptionist.
You are probably wondering why the computer got infected when the USB stick was scanned for viruses. A small percentage of malware is undetectable by most AV products, and this was one of them.
In addition to this malware evading the AV, all of the command and control traffic is encrypted and passes through the firewall as SSL traffic, so it is even harder to detect.
This office was lucky: their Internet connection was managed by a robust and versatile firewall system, and the Internet address of the command and control server was blacklisted. Nothing was lost; the computer was discovered to be infected and was rebuilt.
Takeout: boutique malware is very, very hard to detect. This could have been avoided in three ways.
- Lock down the USB subsystem on the computer so that a plugged-in USB device cannot run.
- Because a solicitor's office regularly receives documents on USB, use a dedicated system for them that is not connected to the main network, in an internal DMZ.
- Put policies and procedures in place so that staff are well aware of the dangers and do not plug in unknown USB devices.
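The firewall in this story caught the infection only because the command and control address happened to be blacklisted. When the traffic itself is encrypted, the destination and the timing of the sessions are the signals a defender still has. The following script is an added example, not code from the original article or its author: it parses constructed firewall log lines (the hosts, addresses and timestamps are made up, using documentation IP ranges), flags allowed TLS sessions to a blocklisted address, and separately looks for the near-constant check-in interval a dormant RAT produces, so that a beacon to an address not yet on any blocklist can still be spotted.

```python
"""Added example (not from the original article): flag outbound TLS sessions to
blocklisted destinations and spot regular beaconing in firewall logs, the
pattern a dormant RAT produces when it checks in with its command and control
server. All log lines, hosts and addresses below are constructed."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed blocklist entry (a threat-intel feed would supply real ones).
C2_BLOCKLIST = {"203.0.113.77"}

# Constructed firewall log lines: timestamp, source, destination, port, action.
# 10.0.0.21 plays the reception PC; 203.0.113.77 plays the C2 server.
SAMPLE_LOG = """\
2014-06-02T09:00:05 src=10.0.0.21 dst=198.51.100.20 dport=443 action=allow
2014-06-02T09:01:12 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2014-06-02T09:11:12 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2014-06-02T09:21:13 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2014-06-02T09:31:11 src=10.0.0.21 dst=203.0.113.77 dport=443 action=allow
2014-06-02T09:15:40 src=10.0.0.35 dst=198.51.100.20 dport=443 action=allow
2014-06-02T09:18:02 src=10.0.0.35 dst=198.51.100.9 dport=80 action=allow
"""


def parse_line(line):
    """Turn one constructed log line into a dict; return None for malformed input."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        rec = {"ts": datetime.fromisoformat(parts[0])}
        for field in parts[1:]:
            key, value = field.split("=", 1)
            rec[key] = value
        rec["dport"] = int(rec["dport"])
        return rec
    except (ValueError, KeyError):
        return None


def blocklist_hits(log_text, blocklist=C2_BLOCKLIST):
    """Return sorted (src, dst) pairs for allowed sessions to blocklisted hosts.
    Encrypted payloads cannot be inspected, so the destination is the signal."""
    hits = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "allow" and rec["dst"] in blocklist:
            hits.add((rec["src"], rec["dst"]))
    return sorted(hits)


def beacon_candidates(log_text, min_sessions=4, jitter_seconds=30):
    """Return (src, dst, median interval in seconds) for host pairs whose TLS
    sessions recur at a near-constant interval, independent of any blocklist."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] == 443:
            sessions[(rec["src"], rec["dst"])].append(rec["ts"])
    found = []
    for (src, dst), stamps in sessions.items():
        if len(stamps) < min_sessions:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps)
        # Every gap close to the median means a timer, not a person, is driving it.
        if all(abs(g - mid) <= jitter_seconds for g in gaps):
            found.append((src, dst, mid))
    return found


if __name__ == "__main__":
    print("blocklist hits:", blocklist_hits(SAMPLE_LOG))
    print("beacon candidates:", beacon_candidates(SAMPLE_LOG))
```

On the sample data the reception PC shows up twice: once because its destination is blocklisted, and once because its four sessions are spaced almost exactly ten minutes apart. The second check is the one that would still fire if the blacklist had not contained that address; the thresholds (`min_sessions`, `jitter_seconds`) are assumptions to tune against your own traffic.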
P.S. He didn’t get the job, luckily for the business.
Scenario two: live network points:
This one happened at a hospital, in plain sight, and was actually carried out by a white hat hacker (ethical hacker). The manager and board members had said that they could not be hacked because of the systems they had in place.
In most organisations, the ICT department patches all of the network wall ports through to the switch, so that when a network device is plugged in it is immediately connected to the network.
A cybercriminal can purchase a battery-operated wireless 4G modem from an electronics shop, replace its operating system with Kali, install a RAT and hacking software, and when it is turned on it will broadcast its location and be fully accessible remotely. He now has a computer of his own sitting on the network.
The hacker then walked around the hospital, found a wall point, plugged in the device, turned it on and walked out.
From his car in the car park he then systematically accessed the networks and some of the computers, downloaded all of the information he needed to convince the board, and printed it off. He then walked into the CEO's office and handed it to him. This was 16 hours after the contract for the ethical hacker was signed.
Takeout: not only is wireless an ingress point, but so are the hard-wired connections that are conveniently patched into the main network. Wired connections actually have less protection.
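The hospital's gap was a live wall port that nobody was watching. The script below is an added example, not code from the original article or its author: it compares a switch's MAC address table against an asset register to find an unknown device on a live port, a registered device on the wrong port, and ports that are patched and up with nothing known behind them. The table format, port names, MAC addresses and register are all constructed; a real check would pull the table from the switch (for example over SNMP) and the register from the CMDB.

```python
"""Added example (not from the original article): audit a switch's MAC address
table against an asset register to surface unknown devices on live wired
ports. The switch output, MACs and register below are constructed."""

# Constructed asset register: MAC -> (asset name, expected port or None if it roams).
ASSET_REGISTER = {
    "00:1A:2B:3C:4D:01": ("reception-pc", "Gi1/0/1"),
    "00:1A:2B:3C:4D:02": ("ward3-printer", "Gi1/0/2"),
    "00:1A:2B:3C:4D:03": ("nurse-station", None),
}

# Constructed 'port mac type' lines in the style of a switch MAC table.
# Gi1/0/9 carries a MAC the register has never seen; the printer has moved.
SAMPLE_MAC_TABLE = """\
Gi1/0/1 00:1a:2b:3c:4d:01 dynamic
Gi1/0/7 00:1a:2b:3c:4d:02 dynamic
Gi1/0/5 00:1a:2b:3c:4d:03 dynamic
Gi1/0/9 f4:e2:c6:aa:bb:cc dynamic
"""

# Constructed link state per port: Gi1/0/2 and Gi1/0/10 are up with nothing learned.
SAMPLE_LINK_STATE = {
    "Gi1/0/1": "up", "Gi1/0/2": "up", "Gi1/0/5": "up", "Gi1/0/7": "up",
    "Gi1/0/9": "up", "Gi1/0/10": "up", "Gi1/0/11": "down",
}


def normalise_mac(mac):
    """Lower-case, colon-separated form so register and switch output compare equal."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return {port: [mac, ...]} from the constructed table format above."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        table.setdefault(parts[0], []).append(normalise_mac(parts[1]))
    return table


def audit_ports(mac_table, link_state, register):
    """Classify what is on the wire.
    rogue:       MAC not in the register at all
    misplaced:   registered MAC seen on a port other than its expected one
    live_unused: port is up but no device has been learned on it"""
    reg = {normalise_mac(m): v for m, v in register.items()}
    rogue, misplaced, live_unused = [], [], []
    for port, macs in mac_table.items():
        for mac in macs:
            if mac not in reg:
                rogue.append((port, mac))
                continue
            name, expected_port = reg[mac]
            if expected_port is not None and expected_port != port:
                misplaced.append((port, mac, name, expected_port))
    for port, state in link_state.items():
        if state == "up" and port not in mac_table:
            live_unused.append(port)
    return {"rogue": rogue, "misplaced": misplaced, "live_unused": live_unused}


if __name__ == "__main__":
    report = audit_ports(parse_mac_table(SAMPLE_MAC_TABLE), SAMPLE_LINK_STATE, ASSET_REGISTER)
    for category, entries in report.items():
        print(f"{category}: {entries}")
```

The `live_unused` list is the one that maps directly to the hospital story: those are the wall points that should be shut down or moved to a quarantine VLAN rather than left patched into the main network. A MAC comparison is a low-cost first pass, not a control; MAC addresses are trivially spoofed, so the durable fix for live ports is port-based authentication (802.1X) with unauthenticated devices dropped into an isolated VLAN.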
Hackers and the perpetrators of cybercrime are clever and persistent. The image of the pimply kid in a dark room is 1999 thinking. Today’s hackers are articulate, social and sociable. Some of them can carry on conversations as well as normal people. They are very clever with ones and zeros but they are also very good with people.
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 best-selling author on cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a speaker, author, teacher and educator on cybercrime and how to protect yourself in the digital world.