Wednesday, 25 February 2015

Cyber Spies Often Pose As IT Staff

Cyber spies trying to break into organizations often pose as IT staff of the targeted organization. They also often send phishing emails that are security-related and appear to originate from, for example, an anti-virus company. This is reported by the American security company Mandiant in a new report. 78% of the targeted phishing emails the company observed were IT or security-related.

Social engineering, in which users are tricked into opening an email attachment or visiting a certain website, combined with unpatched vulnerabilities, is also the principal way in which attackers gain access to organizations. Most of the phishing emails that were analyzed were found to have been sent on Saturday.

The report also shows that 69% of affected organizations learn of an intrusion on their network through a third party, while 31% of the victims discovered it themselves. On average, attackers had access to the attacked networks for 205 days last year before they were noticed, a decrease of 24 days compared to 2013. At one organization the attackers managed to stay hidden for as long as 8 years.

To steal passwords, hashes and certificates from compromised systems and networks, attackers increasingly use the Mimikatz program, Mandiant warns. Mimikatz is freely downloadable from the Internet and, according to its developer, is a tool to "experiment" with Windows security. The tool retrieves passwords, hashes and Kerberos tickets from memory. In almost all analyzed cases in which Mimikatz was deployed, the existing anti-virus software failed to stop the tool.
