Page 22 - index
P. 22
A well-designed RAT will allow the operator the ability to do anything that they could do with
physical access to the machine. RATs can be used to install additional tools so a program to
upload or download files can be installed secretly – what a great way to move an entire
electronic copy of an upcoming movie onto a peer to peer file sharing network?
Phishing Attacks – Social Engineering 101
According to Phishme.com, “Phishing can be defined as any type of email-based social
engineering attack, and is the favored method used by cyber criminals and nation-state actors
to carry out malware and drive-by attacks.
These are fraudulent emails disguised as legitimate communication that attempt to trick the
recipient into responding – by clicking a link, opening an attachment, or directly providing
sensitive information. These responses give attackers a foothold in corporate networks, and
access to vital information such as intellectual property.
Phishing emails are often carefully crafted and targeted to specific recipients, making them
appear genuine to many users.
Phishing is effective, low-cost, bypasses most
detection methods, and offers criminals little chance
of capture or retribution. It’s little wonder then that
several prominent security firms have confirmed it to
be the top attack method threatening the enterprise
today, with security firm TrendMicro noting that spear
phishing accounts for 91% of targeted attacks,
incident response consultant Mandiant citing spear phishing as Chinese hacking group APT1’s
most common attack method, and Verizon tracing 95% of state-affiliated espionage attacks to
phishing.”
Lex Parsimoniae: Here’s What Most Likely Happened
Understanding the means, the motives and the capabilities of the ‘actors’ involved, and using
Occam’s razor - the least assumptions, problem solved:
1) SPE puts out a teaser in June, 2014
22 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
