
CEHv8 module 09 social engineering


DOCUMENT INFORMATION

Basic information

Pages: 110
Size: 5.11 MB

Contents

A document on CEH and information system security, suitable for students doing research, coursework, and projects.

Page 1

Module 09

Page 2

Ethical Hacking and Countermeasures Copyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited. Module 09 Page 1293

Page 3

According to recent data from the FireEye "Advanced Threat Report," for the first six months of 2012, email-based attacks increased 56 percent. Email-based advanced cyber attacks easily bypass traditional signature-based security defenses, preying on naive users to install malicious files.

"Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work," said Ashar Aziz, Founder and CEO, FireEye. "Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defences."

"Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data" explains that express shipping terms are included in about one quarter of attacks, including "DHL", "UPS", and "delivery."

http://biztech2.in.com


FireEye, Inc. has announced the release of "Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data," a report that identifies the social engineering techniques cybercriminals use in email-based advanced cyber-attacks.

According to the report, there are a number of words cybercriminals use to create a sense of urgency to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping. According to recent data from the FireEye "Advanced Threat Report," for the first six months of 2012, email-based attacks increased 56 percent. Email-based advanced cyber-attacks easily bypass traditional signature-based security defenses, preying on naive users to install malicious files.

"Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear phishing emails are on the rise because they work," said Ashar Aziz, Founder and CEO, FireEye. "Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defences."

Delivery-Confirmation-Alert_April-2012.zip"

The report indicates that cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as "Lloyds TSB - Login Form.html," and tax-related words, such as "Tax_Refund.zip." Travel and billing words including "American Airlines Ticket" and "invoice" are also popular spear phishing email attachment key words.

Spear phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalize emails and make them look more authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminals access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets. The report highlights that cybercriminals primarily use zip files in order to hide malicious code, but also ranks additional file types, including PDFs and executable files.

"Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data" is based on data from the FireEye Malware Protection Cloud, a service shared by thousands of FireEye appliances around the world, as well as direct malware intelligence uncovered by its research team. The report provides a global view into email-based attacks that routinely bypass traditional security solutions such as firewalls and next-generation firewalls, IPSs, antivirus, and gateways.

Copyright © 2011, Biztech2.com - A Network 18 Venture. Author: Biztech2.com Staff

http://biztech2.in.com/news/security/cybercriminals-use-social-engineering-emails-to-penetrate-corporate-networks/144232/0
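The report above describes the lure vocabulary (express shipping, urgency, finance, tax, travel and billing) and the attachment types (zip archives hiding the payload, executables, HTML "login form" files, PDFs) that the spear-phishing emails it studied relied on. The Python script below is an added example, not code from the CEH module or from FireEye: it parses a raw message, scores the subject line and attachment names against those categories, and adds weight for risky attachment extensions, producing a triage verdict that a mail gateway or incident responder could apply to a mailbox export. The keyword lists, the weights, the threshold and the three sample messages are constructed assumptions for illustration, seeded only with the terms the report names.

```python
"""Spear-phishing lure triage.

Added example, not code from the CEH module or the FireEye report. It applies
the report's observations (shipping, urgency, finance, tax and travel/billing
vocabulary; zip, executable, HTML and PDF attachments) as a scoring rule that
can be run over stored messages or a mail-gateway export.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Lure vocabulary per category. ASSUMPTION: illustrative lists seeded with the
# terms the report names (DHL, UPS, delivery, Lloyds TSB, tax refund,
# American Airlines ticket, invoice); a real deployment would tune these.
LURE_TERMS = {
    "express_shipping": ("dhl", "ups", "fedex", "delivery", "shipment", "tracking"),
    "urgency": ("alert", "notification", "urgent", "confirmation", "immediately"),
    "finance": ("lloyds tsb", "bank", "login", "account", "verify"),
    "tax": ("tax", "refund"),
    "travel_billing": ("american airlines", "ticket", "itinerary", "invoice"),
}

# Attachment extensions the report ranks as carriers of malicious code, with
# assumed weights (zip hides the payload; .html carries fake login forms).
RISKY_EXTENSIONS = {".zip": 3, ".exe": 4, ".scr": 4, ".html": 2, ".htm": 2, ".pdf": 1}
SUSPICIOUS_THRESHOLD = 5  # assumed cut-off


def _terms_in(text, terms):
    """Lure terms present in text, matched as whole words or phrases."""
    low = text.lower()
    return [t for t in terms
            if re.search(r"(?<![a-z0-9])" + re.escape(t) + r"(?![a-z0-9])", low)]


def triage(raw_message: bytes) -> dict:
    """Parse one RFC 822 message and score its subject and attachment names."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    attachments = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]

    hits, score = {}, 0
    for category, terms in LURE_TERMS.items():
        found = _terms_in(subject, terms)
        for name in attachments:
            found += [t for t in _terms_in(name, terms) if t not in found]
        if found:
            hits[category] = found
            score += 2 if category == "express_shipping" else 1  # the report's top category

    risky = []
    for name in attachments:
        ext = "." + name.lower().rsplit(".", 1)[-1] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            risky.append(name)
            score += RISKY_EXTENSIONS[ext]
    if risky and hits:  # lure vocabulary on a risky attachment: the pattern the report describes
        score += 2

    return {"subject": subject, "attachments": attachments, "lure_hits": hits,
            "risky_attachments": risky, "score": score,
            "verdict": "suspicious" if score >= SUSPICIOUS_THRESHOLD else "ok"}


def build_sample(subject, body, attachment_name=None):
    """Constructed sample message (not a real capture) for exercising triage()."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"\x00placeholder-bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


# Constructed samples modelled on the attachment names the report quotes.
SAMPLES = {
    "shipping": build_sample("UPS Delivery Confirmation Alert",
                             "Your parcel could not be delivered. See the attachment.",
                             "UPS-Delivery-Confirmation-Alert_April-2012.zip"),
    "banking": build_sample("Lloyds TSB account verification",
                            "Please complete the attached login form.",
                            "Lloyds TSB - Login Form.html"),
    "benign": build_sample("Minutes from Tuesday's meeting",
                           "Attached are the notes.", "meeting-notes.txt"),
}


def triage_samples():
    """Run triage() over every constructed sample; returns {name: result}."""
    return {name: triage(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, r in triage_samples().items():
        print(f"{name:9} {r['verdict']:10} score={r['score']:2} "
              f"lures={r['lure_hits']} risky={r['risky_attachments']}")
```

Only the subject and attachment names are scored, on purpose: those are the fields the report's findings are about, and scanning body text with the same word lists would flag most legitimate shipping and banking mail. The extra weight for lure vocabulary combined with a risky attachment is what separates the two constructed phishing samples from ordinary mail that merely mentions an invoice.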


Page 5

Module Objectives (CEH)

- Factors that Make Companies Vulnerable to Attacks
- Warning Signs of an Attack
- Phases in a Social Engineering Attack
- Common Targets of Social Engineering
- Human-based Social Engineering
- Computer-based Social Engineering
- Mobile-based Social Engineering
- Social Engineering Through Impersonation on Social Networking Sites
- Identity Theft
- Social Engineering Countermeasures
- How to Detect Phishing Emails
- Identity Theft Countermeasures
- Social Engineering Pen Testing


Module Objectives

The information contained in this module lays out an overview of social engineering. While this module points out fallacies and advocates effective countermeasures, the possible ways to extract information from another human being are only restricted by the ingenuity of the attacker's mind. While this aspect makes it an art, and the psychological nature of some of these techniques makes it a science, the bottom line is that there is no defense against social engineering; only constant vigilance can circumvent some of the social engineering techniques that attackers use.

This module will familiarize you with:

- Computer-based Social Engineering
- Mobile-based Social Engineering
- Social Engineering Through Impersonation on Social Networking Sites
- Identity Theft
- Social Engineering Countermeasures
- How to Detect Phishing Emails
- Identity Theft Countermeasures


Page 6


As mentioned previously, there is no security mechanism that can stop attackers from performing social engineering other than educating victims about social engineering tricks and warning about its threats. So, now we will discuss social engineering concepts.

Figure labels: Countermeasures; Impersonation on Social Networking Sites

This section describes social engineering and highlights the factors vulnerable to attacks, as well as the impact of social engineering on an organization.


Page 7

Social engineering refers to the method of influencing and persuading people to reveal sensitive information in order to perform some malicious action. With the help of social engineering tricks, attackers can obtain confidential information, authorization details, and access details of people by deceiving and manipulating them.

Attackers can easily breach the security of an organization using social engineering tricks. All security measures adopted by the organization are in vain when employees get "social engineered" by strangers. Some examples of social engineering include unwittingly answering the questions of strangers, replying to spam email, and bragging in front of co-workers.

Most often, people are not even aware of a security lapse on their part. Chances are that they divulge information to a potential attacker inadvertently. Attackers take special interest in developing social engineering skills, and can be so proficient that their victims might not even realize that they have been scammed. Despite having security policies in place, organizations can be compromised because social engineering attacks target the weakness of people to be helpful. Attackers are always looking for new ways to gather information; they ensure that they know the perimeter and the people on the perimeter (security guards, receptionists, and help desk workers) in order to exploit human oversight. People have been conditioned not to be overly suspicious; they associate certain behavior and appearances with known entities. For instance, upon seeing a man dressed in a uniform and carrying a stack of packages for delivery, any individual would take him to be a delivery person.

Companies list their employee IDs, names, and email addresses on their official websites. Alternatively, a corporation may put advertisements in the paper for high-tech workers who are trained on Oracle databases or UNIX servers. These bits of information help attackers know what kind of system they are tackling. This overlaps with the reconnaissance phase.


Page 9

Targets are asked for help and they comply out of a sense of moral obligation.


Page 13

Warning Signs of an Attack (CEH)

Internet attacks have become a business and attackers are constantly attempting to invade networks.

Page 14

Phases in a Social Engineering Attack (CEH)

- Research on Target Company: dumpster diving, websites, employees,
- Select Victim: identify the frustrated employees of the target company
- Develop Relationship
- Collect sensitive account information, financial information, and current technologies


Page 16

- Temporary or Permanent Closure
- Lawsuits and Arbitrations


Page 18

"Rebecca" and "Jessica" (CEH)

- is an easy target for social engineering, such as the receptionist of a company
- Attackers use the terms "Rebecca" and "Jessica" to denote social engineering

Example:

- "There was a Rebecca at the bank and I am going to call her to extract the privileged information"
- "I met Ms. Jessica, she was an easy target for social engineering"
- "Do you have a Rebecca in your company?"


Page 19

Figure labels (common targets of social engineering):

- Receptionists and Help Desk Personnel
- Technical Support Executives
- System Administrators
- Vendors of the Target Organization
- Users and Clients


Page 21

Common Targets of Social Engineering: Office Workers (CEH)

Attackers can attempt social engineering attacks on office workers to extract sensitive data, such as:

Attacker making an attempt as a valid employee to gather information from the staff of a company

The victim employee gives information back assuming

Page 22


FIGURE 09.1: Targets of Social Engineering


Page 26

Human-based Social Engineering (CEH)


Page 29

[Figure: sign reading "CALL - 407 45 986 74" and "WORKING 24 HOURS A DAY"]

Page 30

Authority Support Example

"Hi, I am John Brown. I'm with the external auditors Arthur Sanderson. We've been told by corporate to do a surprise inspection of your disaster recovery procedures. Your department has 10 minutes to show me how you would recover from a website crash."


Page 31

Authority Support Example (CEH) (Cont'd)

"Hi, I'm Sharon, a sales rep out of the New York office. I know this is short notice, but I have a group of prospective clients out in the car that I've been trying for months to get to outsource their security training needs to us. They're located just a few miles away and I think that if I can give them a quick tour of our facilities, it should be enough to push them over the edge and get them to sign up. Oh yeah, they are particularly interested in what security precautions we've adopted. Seems someone hacked into their website a while back, which is one


Page 33

Shoulder surfing can also be done from a longer distance with the aid of vision

Page 34

- Sticky Notes
- Phone Bills


Page 35

Human-based Social Engineering (CEH)


Page 37

Human-based Social Engineering (CEH) (Cont'd)

Piggybacking

- "I forgot my ID badge at home. Please help me."
- An authorized person allows (intentionally or unintentionally) an unauthorized person to pass through a secure door

Reverse Social Engineering


Posted: 14/04/2017, 09:33
