“The Travelers Guide To Wi-Fi Hacking”


Dear Blast Reader,

Do you stay at hotels when you travel? Do you ever use the hotel internet? Did you know that there may be someone spying on you while you are in your hotel? Did you know that hackers target hotel Wi-Fi? Did you know that the hackers that target hotel Wi-Fi also target traveling business professionals?

 

Hotel Wi-Fi is targeted and compromised to help deliver the malicious payload to the selected victims. A payload is the part of the malware that performs the malicious action. Those behind the attack continually evolve the malware’s tactics and payload. It is believed that the attackers are exploiting vulnerabilities in the server software, either by:

  • Gaining remote access.
  • Physically gaining access to the hotel and the hotel’s servers.

 

Now, attackers are using a new form of malware known as the “Inexsmar Attack”. This attack starts with a phishing email. To make the email look real, the message is tailored to you. The email addresses you by name and has real-looking documents attached.

 

But looks can be deceiving. Within this email there is a self-extracting archive package. This package begins the trojan downloader process. A trojan downloader is a malicious program, usually installed through an exploit or some other deceptive means. Using email attachments, the malware is installed onto your computer. Once you are convinced to open the attachment, the hackers initiate their malware attack.
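A self-extracting archive is a Windows executable, so a mail filter can spot one posing as a document by checking the attachment's first bytes instead of trusting its name. The sketch below is an added example, not part of the original newsletter; the message is constructed, the function names are hypothetical, and the double-extension check goes slightly beyond what the text describes.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions a recipient would read as "just a document".
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def suspicious_attachments(raw_bytes):
    """Return (filename, reason) for attachments that are Windows executables."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        is_pe = data[:2] == b"MZ"  # DOS/PE header: self-extracting archives are executables
        if not is_pe:
            continue
        if not name.endswith(EXEC_EXTS):
            findings.append((name, "executable content behind a non-executable name"))
        elif name.rsplit(".", 1)[0].endswith(DOC_EXTS):
            findings.append((name, "double extension hides an executable"))
        else:
            findings.append((name, "executable attachment"))
    return findings

def build_sample():
    """Constructed sample message (not a real phishing email)."""
    m = EmailMessage()
    m["From"] = "events@example.test"
    m["To"] = "traveler@example.test"
    m["Subject"] = "Your hotel booking, Ms. Doe"
    m.set_content("Please review the attached itinerary.")
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60  # only the header bytes, nothing runnable
    m.add_attachment(fake_exe, maintype="application",
                     subtype="octet-stream", filename="itinerary.pdf.exe")
    m.add_attachment(fake_exe, maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"%PDF-1.7\n%constructed", maintype="application",
                     subtype="pdf", filename="map.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in suspicious_attachments(build_sample()):
        print(f"{name}: {reason}")
```

The check only looks at top-level attachments; executables nested inside ZIP or other containers need the container unpacked first.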

 

How does the malware go undetected?

To prevent being detected, the malware is downloaded in stages. These stages include:

  1. Hiding malicious codes and strings by linking malicious code to otherwise unrelated code.
  2. The malware then runs an operation to download the second part of the payload, the trojan malware.

 

So, as your defences improve, it is believed that the multi-stage download for the trojan malware is an evolutionary way to keep the trojan viable.

So, how do you protect yourself?

To protect yourself against this new form of advanced and evolutionary trojan malware, here are a few tips:

  1. Use public Wi-Fi as little as possible. Hackers exploit public Wi-Fi in places like coffee shops, restaurants, and hotels.
  2. Use a Virtual Private Network, also known as a VPN. VPNs are encrypted web browsers that hide your IP addresses & your location.

 

If you have any questions about Hacking, Malware, Cyber Security, or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.



“Beware RATs”

Dear Blast Readers,

In recent days leading up to our most contentious election in modern history, there have been news outlets discussing a possible hacking of voting locations. The news has thrown around words such as RAT, back door, and remote access. The modern media has a tendency for the dramatic, but it is important to understand the terminology being thrown around. A RAT, or Remote Access Trojan, is a piece of malware (malware is a term used to describe many forms of hostile and/or intrusive software). What makes RATs special is that this form of malicious program comes with a backdoor. A backdoor in this context is an opening through which the RAT program allows an unauthorized individual to secretly access the infected computer and gain administrative control.

 

It can be difficult to detect RATs. Why? Because usually they don’t show up on the list of tasks and running programs. The actions that are performed can be very similar to the actions of the legitimate programs. (The intruder will, more times than not, manage the resource use level so the user is not alerted by the drop in performance.)

Usually RATs are invisibly downloaded alongside a user-requested program. Some examples of user-requested programs include:

·       Games

·       Email Attachments

 

Once the targeted system is compromised, the intruder is able to issue RATs to other vulnerable computers on the same network, as well as establish botnets. (A botnet is a network of private computers that are infected with malware and are controlled as a group without the knowledge of the owners.)

 

By enabling administrative control, the RAT makes it possible for the intruder to do almost anything on the computer that has been targeted, including:

·       Using Keyloggers and/or spyware to watch user behavior

·       Accessing confidential information (Examples: Credit Cards & Social Security Numbers)

·       Taking Screenshots

·       Distributing malware and other viruses

·       Formatting Drives

·       Deleting, altering or downloading file systems and files

 

So, how are you supposed to protect your system from RATs? You can do this by following the same procedures you would use to prevent other forms of malware infections. These procedures are as follows:

o  Keep your anti-virus software up to date

o  Refrain from downloading unknown programs from unknown sources

o  Be cautious when opening attachments that are not from trusted and known sources

 

When it comes to protection at the administrative level, you are able to:

o  Block unused ports

o  Turn off unused services

o  Monitor outgoing traffic
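Because a RAT may not appear in the task list yet still has to talk to its operator, outgoing connections can be cross-checked against the visible processes. The sketch below is an added example, not part of the original newsletter; the sample text is constructed in the layout of Windows `netstat -ano` and `tasklist /fo csv /nh` output, and the allowed-port set is an assumed egress policy.

```python
import csv
import io

# Constructed sample output in the layout of `netstat -ano` (Windows).
NETSTAT = """\
  TCP    10.0.0.5:49712    203.0.113.10:443     ESTABLISHED     812
  TCP    10.0.0.5:49730    198.51.100.7:8081    ESTABLISHED     4410
  TCP    10.0.0.5:49741    198.51.100.7:443     ESTABLISHED     977
  TCP    0.0.0.0:135       0.0.0.0:0            LISTENING       604
"""
# Constructed sample output in the layout of `tasklist /fo csv /nh`.
TASKLIST = '''\
"browser.exe","812","Console","1","150,000 K"
"updater.exe","4410","Console","1","12,000 K"
"svchost.exe","604","Services","0","9,000 K"
'''
ALLOWED_REMOTE_PORTS = {53, 80, 443}  # assumed egress policy for this example

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if row}

def review_outbound(netstat_text, tasklist_text, allowed_ports):
    """Flag established outbound connections worth an analyst's attention."""
    visible = parse_tasklist(tasklist_text)
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue  # skip listeners, UDP rows and headers
        remote, pid = fields[2], int(fields[4])
        port = int(remote.rsplit(":", 1)[1])
        reasons = []
        if pid not in visible:
            reasons.append("owning PID missing from task list")
        if port not in allowed_ports:
            reasons.append(f"remote port {port} outside egress policy")
        if reasons:
            findings.append((pid, visible.get(pid, "<not listed>"), remote, reasons))
    return findings

if __name__ == "__main__":
    for pid, image, remote, reasons in review_outbound(NETSTAT, TASKLIST, ALLOWED_REMOTE_PORTS):
        print(pid, image, remote, "; ".join(reasons))
```

A PID missing from the task list can also be a process that exited between the two snapshots, so treat a hit as a lead to investigate, and prefer traffic captured at the firewall or gateway when the host itself may be compromised.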

 

If you have any questions about Remote Access Trojans feel free to visit our website at www.FDS.Global, or give our office a call at (954)727-1957.



“Social Engineering”

Dear Blast Readers,

 

Beware of suspicious emails and phone calls. Why? Because it could be a Social Engineering Attack. These types of attacks take on many forms, ranging from physical access to a building to phone calls and emails. Social Engineering tactics are the preferred method of attack for most cyber criminals. Why? Because it is easier for the cyber criminals to exploit one’s natural disposition to trust than to find a way to hack into your system.

 

Social Engineering is when a person gets psychologically manipulated into performing actions and divulging confidential information to/for their attacker. Think of it as a confidence trick for the purpose of system access, fraud and information gathering. The most common types of Social Engineering attacks are in the form of: Phone Calls, Emails, and In Person Attacks.


 

All social engineering attacks are based on specific qualities of human decision making known as Cognitive Biases.

 

Cognitive biases are also referred to as “bugs in the human hardware” and are exploited in many different combinations. The attacks used in Social Engineering can be used to steal confidential information from a company’s employees.

 

Most companies and organizations are vulnerable to Social Engineering attacks in the form of phone calls. The attacker may call the help desk pretending to be an employee that does not remember his/her password. Without ever verifying the caller, the help desk does not think twice before assisting in the resetting of the alleged employee’s password. This results in the attacker being able to remotely access the system (This form of attack is very hard to detect. Sometimes days, weeks, and even months go by before anyone realizes what has happened).

 

Emails with attachments and web links are one of the favorite forms of attack among Social Engineers. They know that emails with attachments and web links will tempt users to click on the attachments/links, curious to see what the email contains.

 

What the user does not know is that this attachment/link is embedded with a secret Trojan that is silently installed when the link/attachment is clicked on and opened. Once this Trojan software is installed every keystroke and mouse click is captured and sent to the attacker.

 

An in-person attack is a little more complicated. This form of attack involves the attacker physically infiltrating a company’s or organization’s building. The attacker can disguise themselves as a fake employee or visitor. Once the attacker gains access to the building, the attacker can then look for information lying around on desks, as well as plant keyloggers, connect a laptop to corporate networks, and overhear conversations.

 

Once the criminal has your information, they are likely selling it to others who, once obtaining it, want to use it to exploit you and people that you know. They do this by leveraging one’s natural disposition to trust. If you do not want to become a victim, follow these prevention tips.

  • If a message sends a sense of urgency or is using an intense sales tactic be skeptical.
  • Be skeptical of any messages that are unexpected.
  • Remember, if you get a message asking for a reply with personal information it is probably a scam.
  • If you did not specifically ask for help from the sender, you should consider any offers for help a scam.

 

If you have any questions about Social Engineering or your digital security, feel free to give our office a call at (954) 727-1957 or visit our website at www.FDS.Global.