Anatomy of an Enterprise Social Cyber Attack Part 2
1
Search... Samantha Smith IT Technician @ Major National Bank San Fransisco Bay Area | Finance & Banking 3rd People also viewed these profiles 500+ connections Harmon University Major National Bank IT Technician December 2014 - Present (7 Months) EPISODE 1: SOCIAL ENGINEERING Everyone wants more friends. In the age of digital deception, anyone can claim anything in the spirit of popularity. But even more frightening, is the fact that social media presents the opportunity to not just lie about your age, job title, or marital status, but concoct entirely fraudulent or impersonating personas. State-of-the-art cyber criminals are now as social media savvy as the average high schooler, and fraudulent profiles are the new standard vehicle for cyber attacks -- be it spear phishing, account hijacking or distributing malware. What follows below is a sample of one of the most common and effective methods of attack. SAMANTHA SMITH Employee at a Major National Bank “LOKI” International Information Thief, posing as Samantha’s CEO THE ANATOMY OF AN ENTERPRISE SOCIAL MEDIA CYBER ATTACK THE RESULT: Sam downloads the PDF and, unbeknownst to her, executes the malware. “Loki” gains access to critical systems and begins exfiltrating customer’s financial information. By the time the breach is identified weeks later, tens of thousands of stolen records have been sold on the black markets of the internet. PDF THE RISE OF SOCIAL CYBER ATTACKS [email protected] 844.FOX.7259 PART DEUX THE PREP: PART 1 HACKER “LOKI” DID HIS HOMEWORK… Loki knows Samantha’s job title, which is publically available on social media. As an IT Technician, Sam has access to critical infrastructure... and Loki now knows that. Loki also conducted a simple online search to guage how extensive the social presence of the bank’s CEO is, and now knows it’s fairly minimal, making it (and him) extremely easy to exploit. Major National Bank CEO THE FINANCIAL FIRM SPENDS MILLION$$ ON INCIDENT RESPONSE AND PR CRISIS CONTROL PDF THE PREP: PART 3 2 MONTHS BEFORE THE ATTACK “Loki” buys an exploit kit and keylogger malscript and embeds it in a PDF. THE PREP: PART 4 1 MONTH BEFORE THE ATTACK “Loki” sends a connection request to Samantha directly. Samantha accepts, thrilled the CEO knows who she is. CEO (“Loki”): Samantha, why is my email down? Need help ASAP! SAMANATHA: No problem, can you tell me exactly what’s happening? 4 IN 10 USERS HAVE EXPERIENCED CYBERCRIME ON SOCIAL MEDIA Our world is under the constant threat of impending cyber-attacks, and with the ever-increasing advancement of social media, we need a solution to tackle those same cyber spaces no one else is covering yet. ZeroFOX provides a social media security solution by continuously monitoring your social landscape for fraudulent accounts impersonating your brand and people. In the instance of this particular infographic, ZeroFOX would have alerted on the fake CEO account and initiated our automated takedown process, mitigating the incomprehensible amounts of damage Hacker “Loki” was able to accomplish. LEARN MORE ABOUT SOCIAL MEDIA CYBER ATTACKS AT: NEARLY 1/4 OF USERS REPORT RECEIVING MALWARE ON SOCIAL MEDIA 1/3 OF DATA BREACHES ARE A RESULT OF SOCIAL TACTICS MORE EMPLOYEES HAVE EXPERIENCED CYBERCRIME ON SOCIAL THAN ANY OTHER APPLICATION, INCLUDING EMAIL THE ATTACK IT Tech Hacker VS CEO: Just says error loading. Last time this happened I followed the steps in this doc techsupport.pdf James Johnson CEO @ Major National Bank San Fransisco Bay Area | Finance & Banking 3rd People also viewed these profiles 850+ connections Yard University Major National Bank Chief Executive Officer December 2001 - Present (14 Years ) THE PREP: PART 2 3 MONTHS BEFORE THE ATTACK “Loki” builds a convincing fake profile of the CEO. To make the account appear legitimate, he connects with Samantha’s friends in the financial industry, a tactic called “gatekeeper friending”.
-
Upload
zerofox -
Category
Technology
-
view
178 -
download
1
Transcript of Anatomy of an Enterprise Social Cyber Attack Part 2
Search...
Samantha SmithIT Technician @ Major National BankSan Fransisco Bay Area | Finance & Banking
3rd
People also viewed these pro�les
500+ connections Harmon University
Major National Bank IT TechnicianDecember 2014 - Present (7 Months)
EPISODE 1: SOCIAL ENGINEERINGEveryone wants more friends. In the age of digital deception, anyone can claim anything in the spirit of popularity. But even
more frightening, is the fact that social media presents the opportunity to not just lie about your age, job title, or marital status, but concoct entirely fraudulent or impersonating personas. State-of-the-art cyber criminals are now as social media savvy as the
average high schooler, and fraudulent pro�les are the new standard vehicle for cyber attacks -- be it spear phishing, account hijacking or distributing malware. What follows below is a sample of one of the most common and e�ective methods of attack.
SAMANTHA SMITHEmployee at a Major National Bank
“LOKI” International Information Thief,
posing as Samantha’s CEO
THE ANATOMY OF AN
ENTERPRISESOCIALMEDIACYBERATTACK
THE RESULT:Sam downloads the PDF and, unbeknownst to her, executes the malware. “Loki” gains access to critical systems and begins ex�ltrating customer’s �nancial information. By the time the breach is identi�ed weeks later, tens of thousands of stolen records have been sold on the black markets of the internet.
THE RISE OF SOCIAL CYBER ATTACKS
[email protected] 844.FOX.7259
PART DEUX
THE PREP: PART 1HACKER “LOKI” DID HIS HOMEWORK…Loki knows Samantha’s job title, which is publically available on social media. As an IT Technician, Sam has access to critical infrastructure... and Loki now knows that.
Loki also conducted a simple online search to guage how extensive the social presence of the bank’s CEO is, and now knows it’s fairly minimal, making it (and him) extremely easy to exploit.
Major National Bank CEO
THE FINANCIAL FIRM SPENDS MILLION$$ ON INCIDENT RESPONSE AND PR CRISIS CONTROL
THE PREP: PART 32 MONTHS BEFORE THE ATTACK“Loki” buys an exploit kit and keylogger malscript and embeds it in a PDF.
THE PREP: PART 41 MONTH BEFORE THE ATTACK“Loki” sends a connection request to Samantha directly. Samantha accepts, thrilled the CEO knows who she is.
CEO (“Loki”): Samantha, why is my email down? Need help ASAP!
SAMANATHA: No problem, can you tell me exactly what’s happening?
4 IN 10 USERS HAVE EXPERIENCED CYBERCRIME ON SOCIAL MEDIA
Our world is under the constant threat of impending cyber-attacks, and with the ever-increasing advancement of social media, we need a solution to tackle those same cyber spaces no one else is covering yet. ZeroFOX provides a social media security solution by continuously monitoring your social landscape for fraudulent accounts impersonating your brand and people. In
the instance of this particular infographic, ZeroFOX would have alerted on the fake CEO account and initiated our automated takedown process, mitigating the incomprehensible amounts of damage Hacker “Loki” was able to accomplish.
LEARN MORE ABOUT SOCIAL MEDIA CYBER ATTACKS AT:
NEARLY 1/4 OF USERS REPORT RECEIVING MALWARE ON SOCIAL MEDIA
1/3 OF DATA BREACHES ARE A RESULT OF SOCIAL TACTICS
MORE EMPLOYEES HAVE EXPERIENCED CYBERCRIME ON SOCIAL THAN ANY OTHER APPLICATION, INCLUDING EMAIL
THE ATTACK
IT Tech HackerVS
CEO: Just says error loading. Last time this happened I followed the steps in this doc techsupport.pdf
James JohnsonCEO @ Major National BankSan Fransisco Bay Area | Finance & Banking
3rd
People also viewed these pro�les
850+ connections Yard University
Major National Bank Chief Executive O�cerDecember 2001 - Present (14 Years )
THE PREP: PART 23 MONTHS BEFORE THE ATTACK“Loki” builds a convincing fake pro�le of the CEO. To make the account appear legitimate, he connects with Samantha’s friends in the �nancial industry, a tactic called “gatekeeper friending”.
