social engineering / smartphone and driveby · 2018-09-17 · tel +41 55 214 41 60 fax +41 55 214...
Tel +41 55 214 41 60 · Fax +41 55 214 41 61 · team@csnc.ch · www.csnc.ch
Compass Security AG, Werkstrasse 20, Postfach 2038, CH-8645 Jona
Social Engineering / SmartPhone and DriveBy
Beer-Talk Compass Security AG, October 25, 2012
Walter Sprenger
© Compass Security AG · www.csnc.ch
Agenda
Introduction to Social Engineering
  • Attack/spoofing vectors
  • Phishing Sites / Trojan Horses
Live Demos
Compass Experience
  • Numbers and Facts
  • Social Engineering Pitfalls
  • Countermeasures
Social Engineering Test Benefits
What is Social Engineering?
Attack Vectors / Spoofing Methods
Attack vectors
Spoofing Methods
Why do you trust a message?
  • I know the sender (phone number, mail address)
  • I know the structure of the message
  • I expect the message
Why do you trust a web site?
  • I know the domain of the website
  • I only provide data on secured web sites
Targeted Attacks
Why make a lot of noise if one victim provides the information I want?
  • Run the attack against only a few individuals
  • Take more time on one individual, better preparation of the attack
Targeted Attacks
  • Do not raise suspicion
  • No AntiVir patterns for the malware used
  • Hard to detect in log files / with intrusion prevention systems
  • Longer infection possible: malware restarts every time the user logs in, giving a long-term compromise
Phishing Sites
Simple Phishing Website
Simple Phishing Website explained
Example of complex Phishing Site
[Flowchart, two phases labelled "Phishing Website" and "Malware": User receives Email with Link → Click → Phishing Site opened → Login → Credentials entered → View → Video Page shown → Download malicious Video Codec → Install → Remote Shell started → Attacker takes control. The user's decisions have Yes/No branches; final label: "Victim can't decide any more".]
Analysis of complex Phishing Sites
[Bar chart, scale 0 to 500. Categories: Sum sent Phishing Mails; Clicked on Link in Email; Entered Credentials; Clicked on Video Page; Downloaded Video Codec; Installed Video Codec]
Analysis of complex Phishing Sites (2)
[Bar chart, scale 0 to 160, two series: Before Detection and After Detection. Categories: Clicked on Link in Email; Entered Credentials; Clicked on Video Page; Downloaded Video Codec; Installed Video Codec]
Trojan Horses
Covert Channel
[Diagram labels: Trojan Horse; Internet; Company Network; Delivery via USB-Stick; Started by User; Attacker "observes" the victim computer]
Trojan Horse explained
[Diagram label: NetCat Remote Shell]
Live Demos
Live Demo – Computer Phishing
A1) Webmail Phishing
  • Attack Vector:
    • eMail with URL
  • Goal:
    • Get Webmail/Windows credentials
A2) FaceBook Phishing (Invitation)
  • Attack Vector:
    • eMail with Facebook invitation
  • Goal:
    • Get Facebook credentials / Impersonation
Live Demo – SmartPhone Information
B1) SMS from your Bank
  • Attack Vector:
    • SMS with call back number
  • Goal:
    • Get personal information
B2) GPS location
  • Attack Vector:
    • SMS with URL to location web site
  • Goal:
    • Get coordinates of victim
Live Demo – SmartPhone Phishing
B3) iCloud Phishing
  • Attack Vector:
    • SMS with URL to phishing web site
  • Goal:
    • Get iCloud credentials
    • Steal data stored in iCloud (contacts, files, backup, etc.)
B4) Android NFC Business Card
  • Attack Vector:
    • Business card with modified NFC, points to phishing web site
  • Goal:
    • Get Google credentials
    • Steal data stored on Google (mails, contacts, files, etc.)
    • Install trojan app on mobile phone
Live Demo – Trojan User Interaction
C1) Exe in Word-Document
  • Attack Vector:
    • Mail with Word-Document
  • Goal:
    • Remote control the workstation of the user
C2) Download EXE
  • Attack Vector:
    • Facebook chat message – download URL
  • Goal:
    • Remote control the workstation of the user
C3) USB Trojan
  • Attack Vector:
    • USB stick with interesting file (EXE)
  • Goal:
    • Remote control the workstation of the user
Live Demo – Trojan DriveBy
D1) Drive-By Java 0-Day
  • Attack Vector:
    • Web site with URL
  • Goal:
    • Remote control the workstation of the user
Numbers and Facts
Phishing Website
  • Credentials Phished: 16%
  • No result: 84%
USB-Stick with Trojan Horse
  • Inserted: 28%
  • No response: 72%
E-Mail with Trojan Horse
  • Clicked: 7%
  • Not clicked: 93%
Installing Access Point
  • Successfully installed: 100%
  • Access Denied: 0%
Phone – Give me your password
Social Engineering Pitfalls
• Technical Pitfalls
  • Firewalls (also Personal Firewall)
  • SPAM-Filter
  • URLs blocked
  • Virus/Process Scanner
  • IDS
  • Wireless Strength
• Organizational Pitfalls
  • System Administrator
  • Employees
  • Access Control
  • Legal
  • Bring somebody to shame
Countermeasures
But, you can protect your Company
• Technical Countermeasures
  • Virus Scanner
  • Disable Autorun / USB / CD-ROM
  • Disable dangerous attachments in Emails
  • Firewalls / Content Filter / SSL-Split-Proxy
  • IDS
  • Protocol Sanitation (HTTP / DNS)
  • Limit user permissions
  • Secure WLAN
• Organizational Countermeasures
  • Access Control
  • Security Zones
  • Educate Employees – User Awareness
  • Security Policies
  • Awareness Demo
  • Social Engineering Test
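Added example, not part of the original slides: one way a mail gateway could apply the "Disable dangerous attachments in Emails" countermeasure to the delivery shown in demo C1 (an EXE inside a Word document). The function names, the extension list and the DOS-stub heuristic are assumptions made for this sketch, and the sample mail is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list and signatures for this sketch.
BLOCKED_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".jar", ".lnk")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # OLE2 container for embedded objects
DOS_STUB = b"This program cannot be run in DOS mode"  # found in almost every PE file


def inspect_blob(name, data, depth=0):
    """Return the reasons to quarantine one attachment (empty list = deliver)."""
    reasons = []
    if name.lower().endswith(BLOCKED_EXT):
        reasons.append(f"{name}: blocked extension")
    if data[:2] == b"MZ":
        reasons.append(f"{name}: PE header, whatever the file name says")
    if data.startswith(OLE_MAGIC) and DOS_STUB in data:
        reasons.append(f"{name}: OLE object carrying a PE payload")
    # .docx/.xlsx/.pptx are ZIP containers: scan their members too (bounded depth).
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:
                    reasons.append(f"{inner}: encrypted member, cannot be scanned")
                elif info.file_size > 20_000_000:
                    reasons.append(f"{inner}: too large to scan")
                else:
                    reasons += inspect_blob(inner, zf.read(info), depth + 1)
    return reasons


def screen_message(raw):
    """Check every named MIME part of a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue
        reasons += inspect_blob(name, part.get_payload(decode=True) or b"")
    return reasons


def build_sample():
    """Constructed test mail: a .docx whose embedded OLE object wraps a fake PE stub."""
    docx = io.BytesIO()
    with zipfile.ZipFile(docx, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\0" * 64 + b"MZ" + DOS_STUB)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.org", "user@example.org", "Invoice"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(docx.getvalue(), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="Invoice.docx")
    msg.add_attachment(b"meeting notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for reason in screen_message(build_sample()):
        print("QUARANTINE", reason)
```

Checking content signatures as well as file names matters here because a renamed or embedded executable passes a filter that only looks at extensions.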
Social Engineering Test Benefits
I know Social Engineering always works.
So why should I conduct a Social Engineering Test in my company?
Technical Infrastructure – Sufficient?
Incident Handling – Adequate?
Security Awareness Courses – Learning Success?
Security Processes – No Weak Points?
Access Control – Impenetrable?
Thank you very much for your attention!
Thank you!
Contact
Compass Security Network Computing
Werkstrasse 20
Postfach 2038
CH - 8645 Jona
team@csnc.ch | www.csnc.ch | +41 55 214 41 60
Secure File Exchange: www.csnc.ch/filebox
PGP-Fingerprint: