Phishing and client-side attacks, the future?

Published: 2012-04-07
Last Updated: 2012-04-07 01:13:46 UTC
by Mark Hofman (Version: 1)
5 comment(s)

I've been involved in a few penetration tests recently and one thing that seems to be happening is that privileged access is harder to come by. It used to be: start at 9, have admin by 9.30 (on a slow day). Today it certainly tends to be a lot more work.

I put it down to improvements in security over the last few years in many organisations as well as improvements in operating systems. Love it or hate it, Windows 7 does a pretty good job of securing the machine. Combined with some practices like no local user admins, automatic patching and a decent HIPS, it can be quite a challenge to compromise a fully patched and well managed Windows box. OSX similarly has made some steps towards improving the security of the OS (if only they turned the firewall on by default :-( ). So if the operating system is pretty good and likely to get better, the attack vectors have to shift. Which is where client-side attacks enter the picture. Get the user to attack their system for you.

We have had some good examples of this in the past year where sites were reportedly compromised because someone clicked something they should not have, likely delivered via email. Just like the wooden horse, the gift was accepted (phishing email) and the trojan has the nasty surprise.

So on this, for many of you, long weekend, I'd like you to have a little think and maybe complete the poll on the page or enter comments here. Phishing/social engineering emails and client-side attacks: something we are going to see a lot more of in the future, or a passing fad?

Have a nice Easter for those that celebrate it.  Have a great weekend for those that do not. 

Cheers

Mark


Comments

What's this all about ..?
password reveal .
a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
